CVE-2014-1609
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.
Múltiples vulnerabilidades de inyección SQL en MantisBT anterior a 1.2.16 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de parámetros no especificados hacia (1) la función mc_project_get_attachments en api/soap/mc_project_api.php; (2) la función news_get_limited_rows en core/news_api.php; la función (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter o (7) summary_print_by_category en core/summary_api.php; la función (8) create_bug_enum_summary o (9) enum_bug_group en plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php o (11) bug_graph_bystatus.php en plugins/MantisGraph/pages/ o (12) proj_doc_page.php, relacionado con el uso de la función db_query, una vulnerabilidad diferente a CVE-2014-1608.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-18 CVE Reserved
- 2014-02-09 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/61432 | Third Party Advisory | |
| http://www.mantisbt.org/bugs/view.php?id=16880 | X_refsource_confirm | |
| http://www.ocert.org/advisories/ocert-2014-001.html | Us Government Resource | |
| http://www.securityfocus.com/bid/65461 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1063111 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2014/dsa-3030 | 2021-01-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | <= 1.2.15 Search vendor "Mantisbt" for product "Mantisbt" and version " <= 1.2.15" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.0 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.0" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.0 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.0" | alpha1 |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.0 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.0" | alpha2 |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.0 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.0" | alpha3 |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.0 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.0" | rc1 |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.0 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.0" | rc2 |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.1 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.1" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.2 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.2" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.3 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.3" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.4 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.4" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.5 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.5" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.6 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.6" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.7 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.7" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.8 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.8" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.9 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.9" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.10 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.10" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.11 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.11" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.13 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.13" | - |
Affected
| ||||||
| Mantisbt Search vendor "Mantisbt" | Mantisbt Search vendor "Mantisbt" for product "Mantisbt" | 1.2.14 Search vendor "Mantisbt" for product "Mantisbt" and version "1.2.14" | - |
Affected
| ||||||