Vulnerability Details : CVE-2014-7146
Public exploit exists!
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
Vulnerability category: Input validation
Products affected by CVE-2014-7146
- cpe:2.3:a:mantisbt:mantisbt:1.2.17:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7146
33.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-7146
-
MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability
Disclosure Date: 2014-11-08First seen: 2020-04-26exploit/multi/http/mantisbt_php_execThis module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelin
CVSS scores for CVE-2014-7146
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-7146
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7146
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/98572
MantisBT ImportXml.php code execution CVE-2014-7146 Vulnerability Report
-
http://www.debian.org/security/2015/dsa-3120
Debian -- Security Information -- DSA-3120-1 mantis
-
http://www.securityfocus.com/bid/70993
MantisBT XmlImportExport Plugin 'ImportXml.php' Arbitrary PHP Code Execution Vulnerability
-
http://secunia.com/advisories/62101
Sign in
-
https://github.com/mantisbt/mantisbt/commit/84017535
Issue #12013: Improved ImportExportXml plugin · mantisbt/mantisbt@8401753 · GitHubVendor Advisory
-
https://github.com/mantisbt/mantisbt/commit/bed19db9
XML Import: Fix php code injection vulnerability · mantisbt/mantisbt@bed19db · GitHubVendor Advisory
-
http://www.mantisbt.org/bugs/view.php?id=17725
0017725: CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin - MantisBT
-
http://seclists.org/oss-sec/2014/q4/576
oss-sec: CVE-2014-7146: MantisBT XmlImportExport plugin PHP Code Injection Vulnerability
Jump to