Vulnerabilities > Mantisbt

DATE CVE VULNERABILITY TITLE RISK
2017-09-12 CVE-2014-9624 Improper Authentication vulnerability in Mantisbt
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
network
low complexity
mantisbt CWE-287
7.5
2017-08-28 CVE-2015-2046 Cross-site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.
network
low complexity
mantisbt CWE-79
6.1
2017-08-09 CVE-2014-9701 Cross-site Scripting vulnerability in Mantisbt
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
network
low complexity
mantisbt CWE-79
6.5
2017-08-05 CVE-2017-12419 Information Exposure vulnerability in Mantisbt 2.5.2
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
network
low complexity
mantisbt CWE-200
4.9
2017-08-01 CVE-2017-12062 Cross-site Scripting vulnerability in Mantisbt
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2.
network
low complexity
mantisbt CWE-79
6.1
2017-08-01 CVE-2017-12061 Cross-site Scripting vulnerability in Mantisbt
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2.
network
low complexity
mantisbt CWE-79
6.1
2017-08-01 CVE-2015-5059 Information Exposure vulnerability in Mantisbt
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
network
high complexity
mantisbt CWE-200
5.3
2017-05-21 CVE-2017-7620 Cross-Site Request Forgery (CSRF) vulnerability in Mantisbt
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.
network
low complexity
mantisbt CWE-352
6.5
2017-04-18 CVE-2017-7897 Cross-site Scripting vulnerability in Mantisbt 2.3.0/2.3.1
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
network
low complexity
mantisbt CWE-79
6.1
2017-04-16 CVE-2017-7615 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
network
low complexity
mantisbt CWE-640
8.8