15 matches found
MantisBT Admin SQL Injection Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MantisBT Admin SQL Injection Arbitrary File Read", 'Description' = %q Versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if ...
CVE-2014-2238
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/mantisbtadminsqli.rb 2025-02-06 03:13:41+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:27+00:00| seen|...
MantisBT 1.2.13 - 1.2.16 'admin_config_report.php' SQLi
According to its version number, the MantisBT application hosted on the remote web server is 1.2.13 or later but prior to 1.2.17. It is, therefore, affected by an input validation error related to the 'filterconfigid' parameter in the script 'adminconfigreport.php', which could allow SQL injectio...
Wordpress Photo Gallery Unauthenticated SQL Injection User Enumeration Exploit
This Metasploit module exploits an unauthenticated SQL injection in order to enumerate the Wordpress users tables, including password hashes. This Metasploit module was tested against version 1.2.7. This module requires Metasploit: http://metasploit.com/download Current source:...
Wordpress Photo Gallery Unauthenticated SQL Injection User Enumeration
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 "Wordpress Photo Gallery Unauthenticated SQL Injection User Enumeration", 'Description' = %q This module exploits an unauthenticated...
Fedora Update for mantis FEDORA-2014-16546
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868626";...
Fedora Update for mantis FEDORA-2014-16504
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868624";...
Fedora Update for mantis FEDORA-2014-15079
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868569";...
Fedora Update for mantis FEDORA-2014-12146
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868392";...
Fedora Update for mantis FEDORA-2014-12165
Check the version of mantis SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868393";...
Fedora Update for mantis FEDORA-2014-3440
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mantis FEDORA-2014-3421
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-2238
SQL injection vulnerability in the manage configuration page admconfigreport.php in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filterconfigid parameter...
CVE-2014-2238
CVE-2014-2238 is a SQL injection vulnerability in MantisBT’s admin_config_report.php used by versions 1.2.13 through 1.2.16. The issue arises in the handling of the filter_config_id parameter, enabling a remote authenticated administrator to execute arbitrary SQL commands. Multiple connected sour...
CVE-2014-2238
SQL injection vulnerability in the manage configuration page admconfigreport.php in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filterconfigid parameter...