Lucene search
RootSSV:61854HistoryMar 19, 2014 - 12:00 a.m.
MantisBT 'mc_issue_attachment_get' SOAP API SQL注入漏洞
2014-03-1900:00:00
Root
www.seebug.org
25
0.011 Low
EPSS
Percentile
82.9%
BUGTRAQ ID: 65445
CVE ID: CVE-2014-1608
MantisBT是基于Web的bug跟踪系统。
MantisBT 1.2.16之前版本,api/soap/mc_file_api.php内的mci_file_get函数存在SQL注入漏洞,这可使远程攻击者通过mc_issue_attachment_get SOAP请求内的特制envelope标签,利用此漏洞执行任意SQL命令。
0
mantisbt mantisbt < 1.2.16
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
cve
cve
CVE-2014-1608
2014-03-18 17:03:00
CVE-2014-1609
2014-03-20 16:55:00
ubuntucve
ubuntucve
CVE-2014-1608
2014-03-18 00:00:00
CVE-2014-1609
2014-03-20 00:00:00
prion
prion
Sql injection
2014-03-18 17:03:00
Sql injection
2014-03-20 16:55:00
openvas
openvas
MantisBT Multiple SQL Injection Vulnerabilities
2014-03-25 00:00:00
Debian Security Advisory DSA 3030-1 (mantis - security update)
2014-09-20 00:00:00
Debian Security Advisory DSA 3030-1 (mantis - security update)
2014-09-20 00:00:00
debian
debian
[SECURITY] [DSA 3030-1] mantis security update
2014-09-20 21:26:14
securityvulns
securityvulns
[oCERT-2014-001] MantisBT input sanitization errors
2014-02-11 00:00:00
[SECURITY] [DSA 3030-1] mantis security update
2014-10-14 00:00:00
nessus
nessus
Debian DSA-3030-1 : mantis - security update
2014-09-22 00:00:00
Fedora 20 : mantis-1.2.17-1.fc20 (2014-3421)
2014-03-13 00:00:00
MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities
2015-02-18 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mantis-1.2.17-1.fc20
2014-03-13 05:07:18
[SECURITY] Fedora 19 Update: mantis-1.2.17-1.fc19
2014-03-13 05:01:34