SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

Published: 2015-01-26 15:59
Updated: 2017-09-08 01:29

CVSS Score: 6.0 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Mantisbt | Mantisbt | 1.3.0 | cpe:/a:mantisbt:mantisbt:1.3.0:beta1 |
| Mantisbt | Mantisbt | 1.2.18 | cpe:/a:mantisbt:mantisbt:1.2.18 |


| ID | Name | Description | Links |
|---|---|---|---|
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. | CVE |

History of changes

Date Event
2017-09-08 05:32
2015-01-26 15:59