Vulnerabilities
Vulnerable Software
Mantisbt:  >> Mantisbt  >> 1.2.17  Security Vulnerabilities
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.
CVSS Score
7.5
EPSS Score
0.007
Published
2014-11-13
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-10-22


Contact Us

Shodan ® - All rights reserved