Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantisbt mantisbt vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2019-15074
The Timeline feature in my_view_page.php in MantisBT up to and including 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for ...
Mantisbt Mantisbt
8.8
CVSSv3
CVE-2017-7615
MantisBT up to and including 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
Mantisbt Mantisbt
1 EDB exploit
8.1
CVSSv3
CVE-2009-20001
An issue exists in MantisBT prior to 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as...
Mantisbt Mantisbt
7.8
CVSSv3
CVE-2021-43257
Lack of Neutralization of Formula Elements in the CSV API of MantisBT prior to 2.25.3 allows an unprivileged malicious user to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.
Mantisbt Mantisbt
7.5
CVSSv3
CVE-2020-35849
An issue exists in MantisBT prior to 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged malicious user to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bu...
Mantisbt Mantisbt
7.5
CVSSv3
CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT prior to 1.2.19.
Mantisbt Mantisbt
7.2
CVSSv3
CVE-2019-15715
MantisBT prior to 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
Mantisbt Mantisbt
6.5
CVSSv3
CVE-2020-29604
An issue exists in MantisBT prior to 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private ...
Mantisbt Mantisbt
6.5
CVSSv3
CVE-2020-28413
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
Mantisbt Mantisbt 2.24.3
6.5
CVSSv3
CVE-2018-9839
An issue exists in MantisBT up to and including 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to re...
Mantisbt Mantisbt 2.0.0
Mantisbt Mantisbt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »