CVE-2014-2238

🗓️ 05 Mar 2014 15:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 67 Views🌐 WEB

SQL injection vulnerability in MantisBT 1.2.13 through 1.2.1

Reporter	Title	Published	Views	Family All 36
0day.today	MantisBT Admin SQL Injection Arbitrary File Read Vulnerability	4 Mar 201400:00	–	zdt
0day.today	Wordpress Photo Gallery Unauthenticated SQL Injection User Enumeration Exploit	14 Jan 201500:00	–	zdt
Tenable Nessus	MantisBT 1.2.13 < 1.2.17 SQLi	18 Feb 201500:00	–	nessus
Tenable Nessus	Fedora 20 : mantis-1.2.17-1.fc20 (2014-3421)	13 Mar 201400:00	–	nessus
Tenable Nessus	Fedora 19 : mantis-1.2.17-1.fc19 (2014-3440)	13 Mar 201400:00	–	nessus
Tenable Nessus	MantisBT 1.2.13 - 1.2.16 'admin_config_report.php' SQLi	22 Jan 201500:00	–	nessus
Circl	CVE-2014-2238	29 May 201815:50	–	circl
Cvelist	CVE-2014-2238	5 Mar 201415:00	–	cvelist
Fedora	[SECURITY] Fedora 20 Update: mantis-1.2.17-3.fc20	12 Oct 201405:01	–	fedora
Fedora	[SECURITY] Fedora 20 Update: mantis-1.2.17-4.fc20	12 Dec 201404:30	–	fedora

NVD

Node

mantisbt mantisbtMatch1.2.13

OR

mantisbt mantisbtMatch1.2.14

OR

mantisbt mantisbtMatch1.2.15

OR

mantisbt mantisbtMatch1.2.16

Source	Link
seclists	www.seclists.org/oss-sec/2014/q1/490
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/91563
mantisbt	www.mantisbt.domainunion.de/bugs/view.php
seclists	www.seclists.org/oss-sec/2014/q1/456
securityfocus	www.securityfocus.com/bid/65903
mantisbt	www.mantisbt.org/blog/

Parameter	Position	Path	Description	CWE
filter_config_id	request body	adm_config_report.php	SQL injection via unsafely filtered POST parameter filter_config_id in adm_config_report.php allowing arbitrary SQL execution.	CWE-89

17 Jun 2026 00:06Current

6.5Medium risk

Vulners AI Score6.5

CVSS 26.5

EPSS0.11311

cve-2014-2238 sql injection mantisbt adm_config_report.php nvd