PT-2019-14339 · Mantisbt · Mantisbt

Dregad

·

Published

2019-10-09

·

Updated

2023-01-20

·

CVE-2019-15715

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.3.20 MantisBT versions prior to 2.22.1
Description The issue allows for Post Authentication Command Injection, which can lead to Remote Code Execution.
Recommendations For versions prior to 1.3.20, update to version 1.3.20 or later. For versions prior to 2.22.1, update to version 2.22.1 or later.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2019-15715
GHSA-V23G-WJVQ-2FPF

Affected Products

Mantisbt