Vulnerabilities > Mantisbt > Mantisbt > 1.2.14
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-18 | CVE-2014-1608 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request. | 7.5 |
2014-03-05 | CVE-2014-2238 | SQL Injection vulnerability in Mantisbt SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter. | 6.5 |
2014-01-10 | CVE-2013-4460 | Cross-Site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name. | 3.5 |