Mantisbt

119 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.15%
  • Published 15.05.2014 14:55:06
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_pr...

Exploit
  • EPSS 0.55%
  • Published 20.03.2014 16:55:12
  • Last modified 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limit...

Exploit
  • EPSS 0.61%
  • Published 18.03.2014 17:03:00
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

Exploit
  • EPSS 45.35%
  • Published 05.03.2014 16:37:41
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.

Exploit
  • EPSS 0.21%
  • Published 10.01.2014 15:55:03
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.

  • EPSS 0.18%
  • Published 16.11.2012 00:55:01
  • Last modified 11.04.2025 00:51:21

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a...

  • EPSS 0.45%
  • Published 16.11.2012 00:55:01
  • Last modified 11.04.2025 00:51:21

core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing perm...

Exploit
  • EPSS 1.24%
  • Published 29.06.2012 19:55:03
  • Last modified 11.04.2025 00:51:21

MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories.

Exploit
  • EPSS 1.22%
  • Published 29.06.2012 19:55:03
  • Last modified 11.04.2025 00:51:21

bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold p...

  • EPSS 1.36%
  • Published 29.06.2012 19:55:03
  • Last modified 11.04.2025 00:51:21

The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.