Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt 1.2.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-7146
The XmlImportExport plugin in MantisBT 1.2.17 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function wi...
Mantisbt Mantisbt 1.2.17
2 EDB exploits
7.5
CVSSv2
CVE-2014-8554
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT prior to 1.2.18 allows remote malicious users to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete...
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.9
7.5
CVSSv2
CVE-2014-1609
Multiple SQL injection vulnerabilities in MantisBT prior to 1.2.16 allow remote malicious users to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in co...
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
7.5
CVSSv2
CVE-2014-1608
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT prior to 1.2.16 allows remote malicious users to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.9
Debian Debian Linux 7.0
7.5
CVSSv2
CVE-2012-1123
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT prior to 1.2.9 allows remote malicious users to bypass authentication via a null password.
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.1.2
7.5
CVSSv2
CVE-2012-2691
The mc_issue_note_update function in the SOAP API in MantisBT prior to 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.18.0
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.9
6.8
CVSSv2
CVE-2011-3357
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt
Mantisbt Mantisbt 1.1.1
6.4
CVSSv2
CVE-2012-1119
MantisBT prior to 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote malicious users to copy bug reports without detection.
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.0.8
5.8
CVSSv2
CVE-2015-1042
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 up to and including 1.2.18 uses an incorrect regular expression, which allows remote malicious users to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator i...
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.18
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.6
5.5
CVSSv2
CVE-2012-5523
core/email_api.php in MantisBT prior to 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 0.19.0
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 0.19.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »