Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2021/01/15 12:0 a.m.19 views

MantisBT < 2.24.4 Multiple Vulnerabilities - Linux

MantisBT is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.8AI score0.04725EPSS
Exploits7References5
Check Point Advisories
Check Point Advisories
added 2021/01/13 12:0 a.m.28 views

MantisBT SQL Injection (CVE-2020-28413)

An SQL injection vulnerability exists in MantisBT. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

4CVSS5.2AI score0.04725EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/01/04 12:0 a.m.330 views

Mantis Bug Tracker 2.24.3 SQL Injection

Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...

0.2AI score0.04725EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/01/04 12:0 a.m.464 views

Mantis Bug Tracker 2.24.3 - &#039;access&#039; SQL Injection

Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...

6.5CVSS6AI score0.04725EPSS
Exploits3
Circl
Circl
added 2020/12/31 12:30 a.m.8 views

CVE-2020-28413

creationtimestamp| type| source ---|---|--- 2020-12-31 00:30:50+00:00| seen| https://t.me/cibsecurity/21432...

6.5CVSS6.2AI score0.04725EPSS
Exploits3References1
CVE
CVE
added 2020/12/30 9:28 p.m.106 views

CVE-2020-28413

CVE-2020-28413 affects MantisBT 2.24.3, where the SQL injection occurs in the parameter “access” of the mc_project_get_users function via the SOAP API. The vulnerability is triggered remotely over the network with low attack complexity, as indicated by the CVSS vectors (v3.1: AV:N/AC:L/PR:L/UI:N/...

6.5CVSS7AI score0.04725EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder