5

CVE-2010-4349

Exploit
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MantisbtMantisbt Version <= 1.2.3
MantisbtMantisbt Version0.18.0
MantisbtMantisbt Version0.19.0
MantisbtMantisbt Version0.19.0 Updaterc1
MantisbtMantisbt Version0.19.0a1
MantisbtMantisbt Version0.19.0a2
MantisbtMantisbt Version0.19.1
MantisbtMantisbt Version0.19.2
MantisbtMantisbt Version0.19.3
MantisbtMantisbt Version0.19.4
MantisbtMantisbt Version0.19.5
MantisbtMantisbt Version1.0.0
MantisbtMantisbt Version1.0.0 Updaterc1
MantisbtMantisbt Version1.0.0 Updaterc2
MantisbtMantisbt Version1.0.0 Updaterc3
MantisbtMantisbt Version1.0.0 Updaterc4
MantisbtMantisbt Version1.0.0 Updaterc5
MantisbtMantisbt Version1.0.0a1
MantisbtMantisbt Version1.0.0a2
MantisbtMantisbt Version1.0.0a3
MantisbtMantisbt Version1.0.1
MantisbtMantisbt Version1.0.2
MantisbtMantisbt Version1.0.3
MantisbtMantisbt Version1.0.4
MantisbtMantisbt Version1.0.5
MantisbtMantisbt Version1.0.6
MantisbtMantisbt Version1.0.7
MantisbtMantisbt Version1.0.8
MantisbtMantisbt Version1.1.0
MantisbtMantisbt Version1.1.1
MantisbtMantisbt Version1.1.2
MantisbtMantisbt Version1.1.4
MantisbtMantisbt Version1.1.5
MantisbtMantisbt Version1.1.6
MantisbtMantisbt Version1.1.7
MantisbtMantisbt Version1.1.8
MantisbtMantisbt Version1.2.0
MantisbtMantisbt Version1.2.1
MantisbtMantisbt Version1.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.84% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
http://secunia.com/advisories/42772
http://www.mantisbt.org/blog/?p=123
http://www.vupen.com/english/advisories/2011/0002
http://openwall.com/lists/oss-security/2010/12/15/4
Patch
Exploit
http://openwall.com/lists/oss-security/2010/12/16/1
Patch
Exploit
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112
http://www.mantisbt.org/bugs/view.php?id=12607
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php
Patch
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=663230
Patch
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/64463