MantisBT: Security Vulnerabilities, CVEs (Gain Privilege)
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
Max CVSS: 7.5; EPSS Score: 0.31%; Published: 2017-09-12; Updated: 2017-09-20
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.
Max CVSS: 7.5; EPSS Score: 1.77%; Published: 2015-01-26; Updated: 2017-09-08
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
Max CVSS: 5.0; EPSS Score: 0.58%; Published: 2014-12-17; Updated: 2017-01-03
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.
Max CVSS: 5.0; EPSS Score: 0.64%; Published: 2014-12-06; Updated: 2017-09-08
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Max CVSS: 5.0; EPSS Score: 0.37%; Published: 2014-10-22; Updated: 2021-01-12
The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password.
Max CVSS: 7.5; EPSS Score: 1.85%; Published: 2012-06-29; Updated: 2021-01-12
6 vulnerabilities found