Lucene search

[email protected]NVD:CVE-2018-6382

HistoryJan 30, 2018 - 6:29 a.m.

CVE-2018-6382

2018-01-3006:29:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

45.8%

JSON

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass

Affected configurations

Nvd

Node

mantisbtmantisbtMatch2.10.0

VendorProductVersionCPE
mantisbtmantisbt2.10.0cpe:2.3:a:mantisbt:mantisbt:2.10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mantisbt	mantisbt	2.10.0	cpe:2.3:a:mantisbt:mantisbt:2.10.0:::::::*

References

archive.is/https:/mantisbt.org/bugs/view.php?id=23908

mantisbt.org/bugs/view.php?id=23908

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

45.8%

JSON

Related for NVD:CVE-2018-6382

openvas2 cve1 prion1 cvelist1