Lucene search
HistoryJan 26, 2015 - 3:59 p.m.
CVE-2014-9572
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.016
Percentile
87.5%
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.
Affected configurations
Node
mantisbtmantisbtRange≤1.2.18
ORmantisbtmantisbtMatch1.3.0beta1
Related
cvelist
cvelist
CVE-2014-9572
2015-01-26 15:00:00
prion
prion
Code injection
2015-01-26 15:59:00
cve
cve
CVE-2014-9572
2015-01-26 15:59:11
ubuntucve
ubuntucve
CVE-2014-9572
2015-01-26 00:00:00
nessus
nessus
Fedora 20 : mantis-1.2.19-1.fc20 (2015-1364)
2015-02-09 00:00:00
Fedora 21 : mantis-1.2.19-1.fc21 (2015-1419)
2015-02-09 00:00:00
MantisBT 1.2.x < 1.2.19 Multiple Vulnerabilities
2015-02-24 00:00:00
htbridge
htbridge
Multiple vulnerabilities in MantisBT
2014-12-03 00:00:00
packetstorm
packetstorm
MantisBT 1.2.17 XSS / Improper Access Control / SQL Injection
2015-01-29 00:00:00
zdt
zdt
securityvulns
securityvulns
Multiple vulnerabilities in MantisBT
2015-02-02 00:00:00
openvas
openvas
MantisBT < 1.2.19, 1.3.x < 1.3.0-beta.2 Multiple Vulnerabilities
2015-02-03 00:00:00
Fedora Update for mantis FEDORA-2015-1419
2015-02-07 00:00:00
Fedora Update for mantis FEDORA-2015-12010
2015-08-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: mantis-1.2.19-1.fc21
2015-02-07 04:03:22
[SECURITY] Fedora 21 Update: mantis-1.2.19-3.fc21
2015-08-07 13:08:42
[SECURITY] Fedora 20 Update: mantis-1.2.19-1.fc20
2015-02-07 04:01:36
archlinux
archlinux
mantisbt: multiple issues
2015-02-06 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.016
Percentile
87.5%
Related for NVD:CVE-2014-9572