| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. |
| The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316. |
| Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type. |
| Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request. |
| The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier. |
| The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. |
| MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL. |
| Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename. |
| The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL. |
| Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608. |
| MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain sensitive information about restricted issues. |
| Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter. |
| Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. |
| Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php. |
| admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. |
| Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php. |
| Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303. |
| MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. |
| The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request. |
| MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments. |
