| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| Exploit for Authentication Bypass by Primary Weakness in Mantisbt | 6 Jun 202614:06 | – | githubexploit | |
| CVE-2026-30849 | 23 Mar 202619:10 | – | attackerkb | |
| CVE-2026-30849 | 23 Mar 202619:16 | – | circl | |
| Mantis Bug Tracker 安全漏洞 | 23 Mar 202600:00 | – | cnnvd | |
| CVE-2026-30849 | 23 Mar 202619:10 | – | cve | |
| CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL | 23 Mar 202619:10 | – | cvelist | |
| EUVD-2026-14516 | 23 Mar 202620:28 | – | euvd | |
| MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL | 23 Mar 202620:28 | – | github | |
| CVE-2026-30849 | 23 Mar 202620:16 | – | nvd | |
| CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL | 23 Mar 202619:10 | – | osv |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(303449);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/27");
script_cve_id("CVE-2026-30849");
script_xref(name:"IAVB", value:"2026-B-0075");
script_name(english:"MantisBT < 2.28.1 SOAP API Authentication Bypass (GHSA-phrq-pc6r-f6gh)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by an authentication bypass vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of MantisBT installed on the remote host is prior to 2.28.1. It is, therefore, affected by a
vulnerability:
- An authentication bypass vulnerability exists in the SOAP API due to improper type checking on the password
parameter when running on MySQL family databases. Using a crafted SOAP envelope, an attacker knowing the
victim's username is able to login to the SOAP API without knowledge of the actual password and execute any
API function they have access to. (CVE-2026-30849)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?54818cdb");
script_set_attribute(attribute:"solution", value:
"Upgrade to MantisBT version 2.28.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-30849");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/23");
script_set_attribute(attribute:"patch_publication_date", value:"2026/03/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/24");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mantisbt:mantisbt");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mantisbt_detect.nbin");
script_require_keys("installed_sw/MantisBT");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include('http.inc');
include('vcf.inc');
var app = 'MantisBT';
var port = get_http_port(default:80);
var app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
if (empty_or_null(app_info)) audit(AUDIT_NOT_INST, app);
vcf::check_granularity(app_info:app_info, sig_segments:3);
var constraints = [
{'fixed_version': '2.28.1'}
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation