Vulnerability Details : CVE-2010-4350
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2010-4350
Probability of exploitation activity in the next 30 days: 2.44%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4350
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
CWE ids for CVE-2010-4350
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4350
-
http://openwall.com/lists/oss-security/2010/12/15/5
oss-security - CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion VulnerabilityExploit;Patch
-
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php
Zero Science Lab » MantisBT <=1.2.3 (db_type) Local File Inclusion VulnerabilityExploit;Patch
-
http://www.vupen.com/english/advisories/2011/0002
Webmail | OVH- OVH
-
http://security.gentoo.org/glsa/glsa-201211-01.xml
MantisBT: Multiple vulnerabilities (GLSA 201211-01) — Gentoo security
-
http://www.mantisbt.org/bugs/view.php?id=12607
0012607: LFI/FD and XSS in the 'upgrade_unattended.php' - MantisBT
-
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112
Change Log - MantisBTExploit;Patch
-
http://www.mantisbt.org/blog/?p=123
MantisBT 1.2.4 Released – Mantis Bug Tracker – Blog
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
[SECURITY] Fedora 13 Update: mantis-1.1.8-5.fc13
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
[SECURITY] Fedora 14 Update: mantis-1.1.8-5.fc14
-
http://openwall.com/lists/oss-security/2010/12/16/2
oss-security - Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion VulnerabilityExploit;Patch
-
https://bugzilla.redhat.com/show_bug.cgi?id=663230
663230 – (CVE-2010-4348, CVE-2010-4349, CVE-2010-4350) CVE-2010-4348 CVE-2010-4349 CVE-2010-4350 MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)Exploit;Patch
Products affected by CVE-2010-4350
- cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0a2:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.5:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:0.19.0a2:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.0.0a3:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*