7.5
CVE-2014-9572
- EPSS 2.49%
- Veröffentlicht 26.01.2015 15:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.49% | 0.825 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
http://www.securitytracker.com/id/1031633
https://www.htbridge.com/advisory/HTB23243
https://www.mantisbt.org/bugs/view.php?id=17937
http://seclists.org/oss-sec/2015/q1/158
https://exchange.xforce.ibmcloud.com/vulnerabilities/100211
https://www.mantisbt.org/bugs/view.php?id=17939