Lucene search

PRIOn knowledge basePRION:CVE-2014-9573

HistoryJan 26, 2015 - 3:59 p.m.

Sql injection

2015-01-2615:59:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

CPENameOperatorVersion
mantisbteq1.3.0 beta1
mantisbtle1.2.18

CPE	Name	Operator	Version
	mantisbt	eq	1.3.0 beta1
	mantisbt	le	1.2.18

References

seclists.org/oss-sec/2015/q1/157

www.securitytracker.com/id/1031633

exchange.xforce.ibmcloud.com/vulnerabilities/100210

github.com/mantisbt/mantisbt/commit/69c2d28d

github.com/mantisbt/mantisbt/commit/7cc4539f

www.htbridge.com/advisory/HTB23243

www.mantisbt.org/bugs/view.php?id=17937

www.mantisbt.org/bugs/view.php?id=17940

8.8 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for PRION:CVE-2014-9573