CVE-2014-9573

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-9573
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/oss-sec/2015/q1/157 Exploit
http://www.securitytracker.com/id/1031633
https://exchange.xforce.ibmcloud.com/vulnerabilities/100210
https://github.com/mantisbt/mantisbt/commit/69c2d28d
https://github.com/mantisbt/mantisbt/commit/7cc4539f
https://www.htbridge.com/advisory/HTB23243
https://www.mantisbt.org/bugs/view.php?id=17937
https://www.mantisbt.org/bugs/view.php?id=17940 Exploit
http://seclists.org/oss-sec/2015/q1/157 Exploit
http://www.securitytracker.com/id/1031633
https://exchange.xforce.ibmcloud.com/vulnerabilities/100210
https://github.com/mantisbt/mantisbt/commit/69c2d28d
https://github.com/mantisbt/mantisbt/commit/7cc4539f
https://www.htbridge.com/advisory/HTB23243
https://www.mantisbt.org/bugs/view.php?id=17937
https://www.mantisbt.org/bugs/view.php?id=17940 Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.3.0:beta1:*:*:*:*:*:*
History

21 Nov 2024, 02:21

Type Values Removed Values Added
References () http://seclists.org/oss-sec/2015/q1/157 - Exploit () http://seclists.org/oss-sec/2015/q1/157 - Exploit
References () http://www.securitytracker.com/id/1031633 - () http://www.securitytracker.com/id/1031633 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/100210 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/100210 -
References () https://github.com/mantisbt/mantisbt/commit/69c2d28d - () https://github.com/mantisbt/mantisbt/commit/69c2d28d -
References () https://github.com/mantisbt/mantisbt/commit/7cc4539f - () https://github.com/mantisbt/mantisbt/commit/7cc4539f -
References () https://www.htbridge.com/advisory/HTB23243 - () https://www.htbridge.com/advisory/HTB23243 -
References () https://www.mantisbt.org/bugs/view.php?id=17937 - () https://www.mantisbt.org/bugs/view.php?id=17937 -
References () https://www.mantisbt.org/bugs/view.php?id=17940 - Exploit () https://www.mantisbt.org/bugs/view.php?id=17940 - Exploit
Information

Published : 2015-01-26 15:59

Updated : 2024-11-21 02:21

NVD link : CVE-2014-9573

Mitre link : CVE-2014-9573

CVE.ORG link : CVE-2014-9573

JSON object : View

Products Affected

mantisbt

  • mantisbt
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024