Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6
CVSSv2

CVE-2014-9573

Published: 26/01/2015 Updated: 08/09/2017
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Subscribe to Mantisbt

Vulnerability Summary

SQL injection vulnerability in manage_user_page.php in MantisBT prior to 1.2.19 and 1.3.x prior to 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mantisbt mantisbt

mantisbt mantisbt 1.3.0

Exploits

Exploit DB: MantisBT 1.2.17 XSS / Improper Access Control / SQL Injection
MantisBT version 1217 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities ...

References

CWE-89https://www.mantisbt.org/bugs/view.php?id=17940https://github.com/mantisbt/mantisbt/commit/7cc4539fhttps://www.htbridge.com/advisory/HTB23243https://www.mantisbt.org/bugs/view.php?id=17937https://github.com/mantisbt/mantisbt/commit/69c2d28dhttp://seclists.org/oss-sec/2015/q1/157http://www.securitytracker.com/id/1031633https://exchange.xforce.ibmcloud.com/vulnerabilities/100210https://nvd.nist.govhttps://packetstormsecurity.com/files/130173/MantisBT-1.2.17-XSS-Improper-Access-Control-SQL-Injection.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook