CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2014-1609 – Debian Security Advisory 3030-1
https://notcve.org/view.php?id=CVE-2014-1609
09 Feb 2014 — Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (... • http://secunia.com/advisories/61432 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 55EXPL: 1CVE-2013-4460
https://notcve.org/view.php?id=CVE-2013-4460
10 Jan 2014 — Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. Vulnerabilidad cross-site scripting (XSS) en account_sponsor_page.php de MantisBT 1.0.0 hasta 1.2.15 permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a través de un nombre de proyecto. • http://osvdb.org/98823 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •