Mantisbt

Mantisbt

115 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2014-8598

  • EPSS 67.36%
  • Veröffentlicht 18.11.2014 15:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined wi...

7.5

CVE-2014-7146

  • EPSS 80.39%
  • Veröffentlicht 18.11.2014 15:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_repla...

7.5

CVE-2014-8554

Exploit
  • EPSS 0.74%
  • Veröffentlicht 13.11.2014 21:32:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists b...

5

CVE-2014-6387

Exploit
  • EPSS 0.32%
  • Veröffentlicht 22.10.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.

5

CVE-2013-1883

Exploit
  • EPSS 1.43%
  • Veröffentlicht 27.05.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type.

4.3

CVE-2013-0197

  • EPSS 0.41%
  • Veröffentlicht 15.05.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.ph...

2.1

CVE-2013-1810

  • EPSS 0.15%
  • Veröffentlicht 15.05.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_pr...

7.5

CVE-2014-1609

Exploit
  • EPSS 0.55%
  • Veröffentlicht 20.03.2014 16:55:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limit...

7.5

CVE-2014-1608

Exploit
  • EPSS 0.61%
  • Veröffentlicht 18.03.2014 17:03:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

6.5

CVE-2014-2238

Exploit
  • EPSS 45.35%
  • Veröffentlicht 05.03.2014 16:37:41
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.