6 matches found
MantisBT < 2.24.4 Multiple Vulnerabilities - Linux
MantisBT is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
MantisBT SQL Injection (CVE-2020-28413)
An SQL injection vulnerability exists in MantisBT. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Mantis Bug Tracker 2.24.3 SQL Injection
Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...
Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...
CVE-2020-28413
creationtimestamp| type| source ---|---|--- 2020-12-31 00:30:50+00:00| seen| https://t.me/cibsecurity/21432...
CVE-2020-28413
CVE-2020-28413 affects MantisBT 2.24.3, where the SQL injection occurs in the parameter “access” of the mc_project_get_users function via the SOAP API. The vulnerability is triggered remotely over the network with low attack complexity, as indicated by the CVSS vectors (v3.1: AV:N/AC:L/PR:L/UI:N/...