CVE-2014-1608

2014-03-18T13:03:00
ID CVE-2014-1608
Type cve
Reporter NVD
Modified 2017-01-06T21:59:41

Description

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.