Matthias Karlsson

Researcher fromOffensive Security
#12739of 53,632
21.1Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2015-4172
4.3
2015-01-06
Mantisbt · Mantisbt · CVE-2014-9271
**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.18 **Description** A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments. This can be demonstrated by a filename such as .swf.jpeg. **Recommendations** For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue. As a temporary workaround, consider restricting the upload of files with executable content, such as .swf files, to minimize the risk of exploitation.
PT-2014-8923
4.3
2014-12-09
Mantisbt · Mantisbt · CVE-2014-9281
**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.18 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `dest id` field in the admin/copy field.php file. **Recommendations** For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue.
PT-2014-8921
5.0
2014-12-08
Mantisbt · Mantisbt · CVE-2014-9279
**Name of the Vulnerable Software and Affected Versions** MantisBT versions 1.1.0a3 through 1.2.x before 1.2.18 **Description** The issue allows remote attackers to obtain database credentials. This is achieved by exploiting the `print test result` function in `admin/upgrade unattended.php` using a URL in the `hostname` parameter and reading the parameters in the response sent to the URL. **Recommendations** For versions 1.1.0a3 through 1.2.x before 1.2.18, update to version 1.2.18 or later to resolve the issue.
PT-2014-8922
7.5
2014-12-08
Mantisbt · Mantisbt · CVE-2014-9280
**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.18 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is possible via the `filter` parameter in the `current user get bug filter` function. **Recommendations** For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the `current user get bug filter` function until a patch is available. Avoid using the `filter` parameter in the affected function until the issue is resolved.