6.4

CVE-2014-8598

EPSS 67.36%
Published 18.11.2014 15:59:06
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page.  NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Mantisbt ≫ Mantisbt Version <= 1.2.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	67.36%	0.985

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/62101

http://www.debian.org/security/2015/dsa-3120

http://www.mantisbt.org/bugs/view.php?id=17780

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/11/07/28

http://www.securityfocus.com/bid/70996

https://exchange.xforce.ibmcloud.com/vulnerabilities/98573

https://github.com/mantisbt/mantisbt/commit/80a15487

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-8598

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-8598

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-8598

EUVD