Lucene search

[email protected]CVE-2014-9089

HistoryNov 28, 2014 - 3:59 p.m.

CVE-2014-9089

2014-11-2815:59:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

mantisbt

security vulnerability

nvd

6.5 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq1.2
mantisbt:mantisbtmantisbtle1.2.17

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	1.2
mantisbt:mantisbt	mantisbt	le	1.2.17

References

secunia.com/advisories/62101

www.debian.org/security/2015/dsa-3120

www.openwall.com/lists/oss-security/2014/11/25/14

www.openwall.com/lists/oss-security/2014/11/26/6

www.securityfocus.com/bid/71298

github.com/mantisbt/mantisbt/commit/b0021673ab23249244119bde3c7fcecd4daa4e7f

www.mantisbt.org/bugs/view.php?id=17841

6.5 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2014-9089

prion1 ubuntucve1 cvelist1 nessus6 openvas6 fedora3 debian1 archlinux1 securityvulns1 osv1