Shodan
Vulnerabilities
Vulnerable Software
Mantisbt:  >> Mantisbt  >> 1.2.4  Security Vulnerabilities
CVE-2012-2692
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
CVSS Score
3.6
EPSS Score
0.007
Published
2012-06-17
CVE-2011-3755
MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files.
CVSS Score
5.0
EPSS Score
0.004
Published
2011-09-23
CVE-2011-3357
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
CVSS Score
6.8
EPSS Score
0.01
Published
2011-09-21
CVE-2011-3358
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.
CVSS Score
4.3
EPSS Score
0.008
Published
2011-09-21
CVE-2011-3578
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
CVSS Score
4.3
EPSS Score
0.013
Published
2011-09-21
CVE-2011-2938
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
CVSS Score
4.3
EPSS Score
0.17
Published
2011-09-21
CVE-2011-3356
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2) manage_config_workflow_page.php, or (3) bugs/plugin.php.
CVSS Score
4.3
EPSS Score
0.008
Published
2011-09-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved