CVE-2014-1608

2014-03-18T17:03:00
ID CVE-2014-1608
Type cve
Reporter cve@mitre.org
Modified 2017-01-07T02:59:00

Description

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.