Vulnerability Details : CVE-2017-12419
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2017-12419
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-12419
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
|
4.9
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
1.2
|
3.6
|
NIST |
CWE ids for CVE-2017-12419
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12419
-
https://mantisbt.org/bugs/view.php?id=23173
0023173: CVE-2017-12419: Arbitrary File Read inside install.php script - MantisBTVendor Advisory
-
http://openwall.com/lists/oss-security/2017/08/04/6
oss-security - CVE-2017-12419: Arbitrary File Read in MantisBT install.php scriptMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/100142
MantisBT CVE-2017-12419 Arbitrary File Read VulnerabilityThird Party Advisory;VDB Entry