Vulnerabilities (CVE)

Vendor filter

Mantisbt Subscribe

Product filter

Mantisbt Subscribe

Filter

9 total CVE
CVE Vendors Products Updated CVSS
CVE-2014-9572 1 Mantisbt 1 Mantisbt 2017-09-08 7.5
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.
CVE-2014-9280 1 Mantisbt 1 Mantisbt 2017-09-08 7.5
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.
CVE-2014-8554 1 Mantisbt 1 Mantisbt 2017-09-08 7.5
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability...
CVE-2014-7146 1 Mantisbt 1 Mantisbt 2017-09-08 7.5
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the...
CVE-2012-2691 1 Mantisbt 1 Mantisbt 2017-08-29 7.5
The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.
CVE-2014-1609 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2017-01-07 7.5
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2)...
CVE-2014-1608 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2017-01-07 7.5
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
CVE-2014-9089 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2017-01-03 7.5
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
CVE-2012-1123 1 Mantisbt 1 Mantisbt 2013-08-27 7.5
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.