Mantis is susceptible to multiple cross site scripting vulnerabilities.
a6f58dd97966c39ee1d173207fb0d4d25219702ee1bad263cc675e5318ce6befMantis Bug Tracker version 2.24.3 suffers from a remote SQL injection vulnerability.
3c8957612d86d7577fdde28ee21d1df81ea67d1228ac3abae6f808678afa40aeMantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability.
c5bd41082422ed338ccc46ee3ad8d43820a3a1cd833484f28da741205e12c069Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.
bf6d1e2f1321eacf2214a3400a3201acd1c33bb08ba4cb9b45cfa3ee93eefbebMantis Bug Tracker versions 1.3.10 and 2.3.0 suffer from a cross site request forgery vulnerability.
657f51bab66ce5d5cf6800d27e2f3bc584ea834cf9cbd98479d947434a3b0eadMantis Bug Tracker versions 1.3.0 and 2.3.0 suffer from a pre-authentication remote password reset vulnerability.
da0c10bca7d635dd4ba8a9cdd41f8f1b36c9490cffa05acee01ffcdf095d74d1MantisBT version 1.3.0 suffers from a remote file download vulnerability.
671ba2e0e285945b42223f1727978cb7d9171580b07eb50f0c2b649e8ebddb1eMantisBT version 1.2.17 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities.
66702fafa02a9dbc923285c073b3f395b675adad64da5dfa2394ca10e6440fd2Mantis BugTracker version 1.2.19 suffers from an open redirection vulnerability.
a4a5d3a57136e2c7c69197773c4c6f2b7d1873d9a94832d2eb5e95f58d43524eMantis BugTracker version 1.2.17 suffers from denial of service, potential cross site scripting, and arbitrary redirection vulnerabilities.
73dc034d9a5622082847c13fa1d43e825d41a1ee7d9873124267bbb560c947f2This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes to preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.
48a52817bee791b7eaeae5d5e9a609d2d96fd14642c96da155fb1a16a00bf9c9MantisBT version 1.2.16 suffers from a remote SQL injection vulnerability.
920455a7475eaa40b79d5ec69566d82d5c1e669a641ca3c45e1041ff75adafedMantisBT version 1.2.7 suffers from cross site scripting and local file inclusion vulnerabilities.
f93ea1f9463f54e352b0762b7f966c8a53d16c2feee1c1340bc0337cc98100a2MantisBT CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
d16b31ce8fbf08114e5733901215b9a05ad79cc8ab7189291699e00407f1230fMantis Bug Tracker versions 1.1.3 and below remote code execution exploit.
8f7235d1fa244d88437b93a00f10ac0a9403dda9941121e364649b305566b796Mantis Bug Tracker version 1.1.1 suffers from remote code execution, cross site scripting, and cross site request forgery vulnerabilities.
f69ef268367fecefac3205565ba9c1d3f5e36237f4b833741139a9350750a069Mantis Bugtracker exploit scanner that looks for versions less than 1.0.0RC2 and greater than 0.18.3 which are vulnerable to XSS and variable poisoning attacks if register_globals is enabled.
846b7601bdc63c621b48e9ed66d2964760dbc83607dfabd16ba2ee2080eb9cd3Mantis Bugtracker versions less than 1.0.0RC2 and greater than 0.18.3 are vulnerable to XSS and variable poisoning attacks if register_globals is enabled.
85dcfcb51f4250c4f8e9ac0aa699db2ed494373073674e22eaf7e532476d42edMantis suffers from a remote PHP code execution vulnerability when the REGISTER_GLOBAL variable is set.
a70413a0d6384063116146614076f527699b5ef8da05f1e7d3c3af253afadf40
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed