3 matches found
MantisBT 'sql' Parameter SQL Injection Vulnerability (Feb 2018) - Linux
MantisBT is prone to an SQL injection SQLi vulnerability. Note: The vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass...
CVE-2018-6382
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on...
CVE-2018-6382
MantisBT 2.10.0 is affected by a local SQL injection via the vendor/adodb/adodb-php/server.php sql parameter accessible to 127.0.0.1. The issue is described as exploitable by local users; vendor notes no authentication bypass and disputes the report’s significance. OpenVAS entries for both Window...