Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-1608
Last Modified: 13 Aug 2015 01:59:19
Published: 18 Mar 2014 01:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-1608

Summary

SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.

Vulnerable Systems

Operating System

  • Debian Linux 7.0

Application

  • Mantisbt 1.2.0

  • Mantisbt 1.2.1

  • Mantisbt 1.2.10

  • Mantisbt 1.2.11

  • Mantisbt 1.2.13

  • Mantisbt 1.2.14

  • Mantisbt 1.2.15

  • Mantisbt 1.2.2

  • Mantisbt 1.2.3

  • Mantisbt 1.2.4

  • Mantisbt 1.2.5

  • Mantisbt 1.2.6

  • Mantisbt 1.2.7

  • Mantisbt 1.2.8

  • Mantisbt 1.2.9


References

MISC - http://www.ocert.org/advisories/ocert-2014-001.html

CONFIRM - https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1063111

BID - 65445

CONFIRM - http://www.mantisbt.org/bugs/view.php?id=16879

DEBIAN - DSA-3030

OSVDB - 103118


Last Updated: 27 May 2016 11:09:29