Vulnerability Details : CVE-2014-8598
Public exploit exists!
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
Products affected by CVE-2014-8598
- cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8598
67.36% (probability of exploitation activity in the next 30 days)
EPSS Score History
~98% percentile (the proportion of vulnerabilities that are scored at or below this one)
Metasploit modules for CVE-2014-8598
- MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability
  Disclosure Date: 2014-11-08
  First seen: 2020-04-26
  Module: exploit/multi/http/mantisbt_php_exec
  This module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists in plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelin
CVSS scores for CVE-2014-8598
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST |
CWE ids for CVE-2014-8598
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8598
- http://www.securityfocus.com/bid/70996 : MantisBT XmlImportExport Plugin CVE-2014-8598 Multiple Security Bypass Vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98573 : MantisBT XML Import/Export security bypass CVE-2014-8598 Vulnerability Report
- http://www.debian.org/security/2015/dsa-3120 : Debian Security Information, DSA-3120-1 mantis
- http://www.mantisbt.org/bugs/view.php?id=17780 : 0017780: CVE-2014-8598: XML plugin should restrict ability to import data (MantisBT bug tracker; Vendor Advisory)
- https://github.com/mantisbt/mantisbt/commit/80a15487 : XML plugin: Add config page with access thresholds (mantisbt/mantisbt@80a1548 on GitHub; Vendor Advisory)
- http://secunia.com/advisories/62101
- http://www.openwall.com/lists/oss-security/2014/11/07/28 : oss-security - CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access