CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
Max CVSS: 7.5 | EPSS Score: 0.31% | Published: 2017-09-12 | Updated: 2017-09-20
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.
Max CVSS: 7.5 | EPSS Score: 1.77% | Published: 2015-01-26 | Updated: 2017-09-08
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
Max CVSS: 5.0 | EPSS Score: 0.58% | Published: 2014-12-17 | Updated: 2017-01-03
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.
Max CVSS: 5.0 | EPSS Score: 0.64% | Published: 2014-12-06 | Updated: 2017-09-08
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Max CVSS: 5.0 | EPSS Score: 0.37% | Published: 2014-10-22 | Updated: 2021-01-12
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.
Max CVSS: 7.5 | EPSS Score: 1.85% | Published: 2012-06-29 | Updated: 2021-01-12
6 vulnerabilities found