CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS
Percentile: 87.5%

The remote web server is hosting MantisBT, an open source bug tracking application written in PHP.
Versions of MantisBT 1.2.x prior to 1.2.19 are potentially affected by multiple vulnerabilities:
A SQL injection flaw exists due to insufficient filtering of the ‘MANTIS_MANAGE_USERS_COOKIE’ HTTP cookie in the ‘manage_user_page.php’ script. This may allow an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2014-9573)
A cross-site scripting (XSS) vulnerability exists due to an input validation error in the ‘admin_username’ and ‘admin_password’ GET parameters of the ‘admin/install.php’ script. (CVE-2014-9571)
A flaw exists in ‘admin/install.php’ that could allow a remote attacker to obtain database credentials even after MantisBT has been configured. Requesting the ‘install.php’ script with the parameter ‘install’ set to the value ‘4’ bypasses access restrictions and exposes the saved database credentials in use by MantisBT. (CVE-2014-9572)
An error exists in the CAPTCHA protection mechanism that allows a remote attacker to obtain an unlimited number of CAPTCHA samples with different perturbations for the same challenge attempt. (CVE-2014-9624)
A cross-site scripting (XSS) vulnerability exists due to a lack of input validation. Specifically, this flaw affects the ‘permalink_page.php’ script. (CVE-2014-9701)
Multiple URI-redirection vulnerabilities exist because the application fails to properly sanitize user-supplied input submitted to the ‘permalink_page.php’ and ‘login_page.php’ scripts. Specifically, these issues occur when the application is installed at the web server’s root directory. An attacker can leverage these issues by constructing a URI whose redirect address uses a single slash and points to a malicious site. (CVE-2015-1042)
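
A defensive check for the redirect class described under CVE-2015-1042, as an added example (it is not MantisBT code and not the project's fix): a redirect target is accepted only when it is a same-site absolute path. The function names, the fallback page and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

FALLBACK = "/index.php"  # hypothetical default landing page (assumption)

def is_local_redirect(target: str, app_path: str = "/") -> bool:
    """True only if target is a same-site absolute path under app_path."""
    if not target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False  # empty, or control characters a browser may strip
    if "\\" in target:
        return False  # browsers treat '\' as '/', so '/\host' acts like '//host'
    if not target.startswith("/") or target.startswith("//"):
        return False  # rejects 'http:/host', 'https://host', '//host', relative names
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False  # belt and braces: nothing with a scheme or host part passes
    # With app_path == "/" this prefix test accepts every path, so for an
    # application installed at the web root the shape checks above do the work.
    base = app_path.rstrip("/") + "/"
    return parts.path.startswith(base)

def redirect_target(target: str, app_path: str = "/") -> str:
    """Return target if it is safe to redirect to, else the fallback page."""
    return target if is_local_redirect(target, app_path) else FALLBACK

# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "/view.php?id=1",        # local path: accepted
    "http:/example.com",     # scheme followed by a single slash: rejected
    "//example.com",         # scheme-relative URL: rejected
    "/\\example.com",        # backslash variant: rejected
    "https://example.com/",  # absolute URL: rejected
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:28} -> {redirect_target(sample)!r}")
```
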
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9571
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9572
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9624
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1042
seclists.org/fulldisclosure/2015/Jan/110
www.nessus.org/u?8889ea62
www.mantisbt.org/blog/?p=408