Vulnerabilities > Mantisbt > Mantisbt > 1.2.14

DATE CVE VULNERABILITY TITLE RISK
2014-03-18 CVE-2014-1608 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
network
low complexity
mantisbt debian CWE-89
7.5
7.5
2014-03-05 CVE-2014-2238 SQL Injection vulnerability in Mantisbt
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.
network
low complexity
mantisbt CWE-89
6.5
6.5
2014-01-10 CVE-2013-4460 Cross-Site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
network
mantisbt CWE-79
3.5
3.5