CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6526
https://notcve.org/view.php?id=CVE-2018-6526
02 Feb 2018 — view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php. En el archivo view_all_bug_page.php en MantisBT versión 2.10.0-desarrollo antes del 02-02-2018, permite a los atacantes remotos detectar la path completa por medio de un parámetro filter no válido, relacionado con una llamada a la función filter_ensure_valid_filter en el archivo current_... • http://www.securityfocus.com/bid/103065 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6382
https://notcve.org/view.php?id=CVE-2018-6382
30 Jan 2018 — MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass ** EN DISPUTA ** MantisBT 2.10.0 permite que usuarios locales lleven a cabo ataques de inyección SQL mediante el paráme... • http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 1%CPEs: 3EXPL: 0CVE-2017-12419
https://notcve.org/view.php?id=CVE-2017-12419
05 Aug 2017 — If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server. Si ... • http://openwall.com/lists/oss-security/2017/08/04/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2017-12061
https://notcve.org/view.php?id=CVE-2017-12061
01 Aug 2017 — An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP. Se detectó una vulnerabilidad d... • http://openwall.com/lists/oss-security/2017/08/01/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-12062
https://notcve.org/view.php?id=CVE-2017-12062
01 Aug 2017 — An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled. Se detectó una vulnerabilidad de tipo Cross-Site Scripting (XSS) en manage_user_page.php en MantisBT en sus versiones 2.X anteriores a la 2.5.2. El campo "filter" no se sanitiza antes de que se renderice en la página Manage User, permitiendo a los atacantes remoto... • http://openwall.com/lists/oss-security/2017/08/01/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 3CVE-2017-7620 – Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-7620
21 May 2017 — MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. MantisBT antes de v1.3.11, 2.x antes de v2.3.3 y 2.4.x antes de v2.4.1 omite una verificación de barra inverti... • https://packetstorm.news/files/id/142617 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2017-7897
https://notcve.org/view.php?id=CVE-2017-7897
18 Apr 2017 — A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. Una vulnerabilidad XSS en el MantisBT (2.3.x en versiones anteriores a 2.3.2) Timeline incluye página, utilizada en My View (my_view_page.php) y pá... • http://www.mantisbt.org/bugs/view.php?id=22742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 92%CPEs: 1EXPL: 7CVE-2017-7615 – Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2017-7615
16 Apr 2017 — MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. MantisBT hasta la versión 2.3.0 permite reinicio de contraseña arbitrario y acceso de administrador no autenticado a través de un valor confirm_hash vacío para verify.php Mantis Bug Tracker versions 1.3.0 and 2.3.0 suffer from a pre-authentication remote password reset vulnerability. • https://packetstorm.news/files/id/180854 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 4.8EPSS: 0%CPEs: 35EXPL: 1CVE-2017-7241
https://notcve.org/view.php?id=CVE-2017-7241
31 Mar 2017 — A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so ... • http://openwall.com/lists/oss-security/2017/03/30/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 2%CPEs: 24EXPL: 1CVE-2017-7309
https://notcve.org/view.php?id=CVE-2017-7309
31 Mar 2017 — A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Una vulnerabilidad XSS en la página informe de configuración de MantisBT (adm_config_report.php) permite a atacantes remotos inyectar código arbitrario (si la configuración de CSP lo permite) mediante un parámetro 'config_option' manipulad... • http://openwall.com/lists/oss-security/2017/03/30/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •