PT-2014-8921 · Mantisbt · Mantisbt

Matthias Karlsson · Published 2014-12-08 · Updated 2021-01-12 · CVE-2014-9279

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MantisBT versions 1.1.0a3 through 1.2.x before 1.2.18

Description: The issue allows remote attackers to obtain database credentials. This is achieved by exploiting the print_test_result function in admin/upgrade_unattended.php using a URL in the hostname parameter and reading the parameters in the response sent to the URL.

Recommendations: For versions 1.1.0a3 through 1.2.x before 1.2.18, update to version 1.2.18 or later to resolve the issue.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2014-9279

Affected Products

Mantisbt