CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-6382

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.4%

CVSS Severity

CVSS v3 Score 3.3

CVSS v2 Score 2.1

References

http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908
https://mantisbt.org/bugs/view.php?id=23908
http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908
https://mantisbt.org/bugs/view.php?id=23908

Products affected by CVE-2018-6382

Mantisbt » Mantisbt » Version: 2.10.0

cpe:2.3:a:mantisbt:mantisbt:2.10.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6382

Products

Pricing

Contact Us