CVE-2014-9089

2014-11-2815:59:11

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

Affected configurations

Nvd

Node

debiandebian_linuxMatch1.2

Node

mantisbtmantisbtRange≤1.2.17

VendorProductVersionCPE
debiandebian_linux1.2cpe:2.3:o:debian:debian_linux:1.2:*:*:*:*:*:*:*
mantisbtmantisbt*cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*