Mantisbt@1.0.0a3 Security Vulnerabilities and Issues — Mantisbt@1.0.0a3 CVE List

Lucene search

MantisbtMantisbt1.0.0a3

9 matches found

CVE•added 2014/11/13 9:32 p.m.•57 views

CVE-2014-8554

SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.

7.5CVSS6.4AI score0.00741EPSS

CVE•added 2011/01/03 8:0 p.m.•56 views

CVE-2010-4350

Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

5.1CVSS7AI score0.10602EPSS

CVE•added 2012/06/29 7:55 p.m.•54 views

CVE-2012-1122

bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access...

3.6CVSS5.9AI score0.01224EPSS

CVE•added 2012/06/29 7:55 p.m.•52 views

CVE-2012-1118

The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports.

4.3CVSS6.1AI score0.01253EPSS

CVE•added 2010/10/05 10:0 p.m.•48 views

CVE-2010-3763

Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.

4.3CVSS5.5AI score0.00598EPSS

CVE•added 2010/10/05 10:0 p.m.•47 views

CVE-2010-3303

Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to c...

3.5CVSS5.2AI score0.00392EPSS

CVE•added 2011/01/03 8:0 p.m.•42 views

CVE-2010-4348

Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

4.3CVSS5.5AI score0.11876EPSS

CVE•added 2011/01/03 8:0 p.m.•41 views

CVE-2010-4349

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

5CVSS6AI score0.10632EPSS

CVE•added 2010/09/07 5:0 p.m.•40 views

CVE-2010-2802

Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.

3.5CVSS5.7AI score0.00232EPSS