PT-2014-8921 · Mantisbt · Mantisbt

Matthias Karlsson · Published 2014-12-08 · Updated 2021-01-12 · CVE-2014-9279

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MantisBT versions 1.1.0a3 through 1.2.x before 1.2.18

Description

The issue allows remote attackers to obtain database credentials. This is achieved by exploiting the print_test_result function in admin/upgrade_unattended.php, using a URL in the hostname parameter and reading the parameters in the response sent to that URL.

Recommendations

For versions 1.1.0a3 through 1.2.x before 1.2.18, update to version 1.2.18 or later to resolve the issue.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2014-9279

Affected Products

Mantisbt