Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2014-2238
Last Modified: 10 Jan 2015 09:59:07
Published: 05 Mar 2014 11:37:41
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2014-2238

Summary

SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.

Vulnerable Systems

Application

  • MantisBT 1.2.13
  • MantisBT 1.2.14
  • MantisBT 1.2.15
  • MantisBT 1.2.16

References

BID - 65903

CONFIRM - http://www.mantisbt.org/blog/?p=288

MLIST - [oss-security] 20140304 Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability

MLIST - [oss-security] 20140228 CVE request: MantisBT 1.2.13 SQL injection vulnerability

CONFIRM - http://mantisbt.domainunion.de/bugs/view.php?id=17055

XF - mantisbt-admconfigreport-sql-injection(91563)


Last Updated: 27 May 2016 11:04:34