CVE-2014-9624
https://notcve.org/view.php?id=CVE-2014-9624
CAPTCHA bypass vulnerability in MantisBT before 1.2.19. Existe una vulnerabilidad de omisión de CAPTCHA en MantisBT en versiones anteriores a la 1.2.19. • http://www.openwall.com/lists/oss-security/2015/01/18/11 http://www.securitytracker.com/id/1031633 https://bugzilla.redhat.com/show_bug.cgi?id=1183593 https://exchange.xforce.ibmcloud.com/vulnerabilities/100213 https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=1.2.19 https://www.mantisbt.org/bugs/view.php?id=17984 • CWE-287: Improper Authentication •
CVE-2015-2046
https://notcve.org/view.php?id=CVE-2015-2046
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en MantisBT 1.2.13 y posteriores antes de la 1.2.20. • http://www.openwall.com/lists/oss-security/2015/02/21/1 http://www.openwall.com/lists/oss-security/2015/02/21/2 https://bugzilla.redhat.com/show_bug.cgi?id=1191130 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-9701
https://notcve.org/view.php?id=CVE-2014-9701
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php. Una vulnerabilidad de tipo cross-site scripting (XSS) en MantisBT en versiones anteriores a la 1.2.19 y en versiones 1.3.x anteriores a la 1.3.0-beta.2 permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro url a permalink_page.php. • http://www.openwall.com/lists/oss-security/2015/03/15/2 https://bugzilla.redhat.com/show_bug.cgi?id=1202885 https://github.com/mantisbt/mantisbt/commit/d95f070db852614fa18ccca6a4f12f4bffede1fd https://github.com/mantisbt/mantisbt/commit/e7e2b5503580e42db9d91e0d599d61d3ff03c27e https://www.mantisbt.org/bugs/view.php?id=17362#c40613 https://www.mantisbt.org/bugs/view.php?id=19493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12419
https://notcve.org/view.php?id=CVE-2017-12419
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server. Si tras la correcta instalación de MantisBT en su versión 2.5.2 en MySQL/MariaDB el administrador no elimina el directorio "admin" (tal y como se recomienda en la sección "Post-installation and upgrade tasks" de la MantisBT Admin Guide) y el cliente MySQL tiene una configuración local_infile habilitada (en php.ini mysqli.allow_local_infile o el archivo de configuración del cliente MySQL, dependiendo de la configuración de PHP), un atacante podría aprovecharse de la funcionalidad "connect file read" de MySQL para acceder de forma remota a los archivos del servidor de MantisBT. • http://openwall.com/lists/oss-security/2017/08/04/6 http://www.securityfocus.com/bid/100142 https://mantisbt.org/bugs/view.php?id=23173 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-12061
https://notcve.org/view.php?id=CVE-2017-12061
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by the $f_database, $f_db_username, and $f_admin_username variables. This is mitigated by the fact that the admin/ folder should be deleted after installation, and also prevented by CSP. Se detectó una vulnerabilidad de tipo Cross-Site Scripting (XSS) en admin/install.php en MantisBT en versiones anteriores a la 1.3.12 y todas las 2.X anteriores a la 2.5.2. Algunas variables que están bajo el control de usuarios en el script de instalación de MantisBT no están sanitizadas correctamente antes de que se envíen, permitiendo a los atacantes remotos inyectar código JavaScript arbitrario, tal y como lo demuestran las variables $f_database, $f_db_username, y $f_admin_username. • http://openwall.com/lists/oss-security/2017/08/01/1 http://openwall.com/lists/oss-security/2017/08/01/2 http://www.securitytracker.com/id/1039030 https://github.com/mantisbt/mantisbt/commit/17f9b94f031ba93ae2a727bca0e68458ecd08fb0 https://github.com/mantisbt/mantisbt/commit/c73ae3d3d4dd4681489a9e697e8ade785e27cba5 https://mantisbt.org/bugs/view.php?id=23146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •