Multiple security issues have been found in the Mantis bug tracking
system, which may result in phishing, information disclosure, CAPTCHA
bypass, SQL injection, cross-site scripting or the execution of arbitrary
PHP code.

For the stable distribution (wheezy), these problems have been fixed in
version 1.2.18-1.

We recommend that you upgrade your mantis packages.

References

www.debian.org/security/2015/dsa-3120

openvas 25

nessus 21

debian 1

securityvulns 4

fedora 16

archlinux 4

cve 23

cvelist 23

exploitdb 2

metasploit 1

zdt 4

ubuntucve 22

prion 23

nvd 23

veracode 2

packetstorm 3

symantec 1

openvas

Debian Security Advisory DSA 3120-1 (mantis - security update)

2015-01-06 00:00:00

Debian: Security Advisory (DSA-3120-1)

2015-01-05 00:00:00

MantisBT <= 1.2.17 Multiple Vulnerabilities

2014-11-25 00:00:00

nessus

Debian DSA-3120-1 : mantis - security update

2015-01-08 00:00:00

MantisBT < 1.2.18 Multiple Vulnerabilities

2015-02-18 00:00:00

MantisBT 1.2.x < 1.2.18 Multiple Vulnerabilities

2015-01-22 00:00:00

debian

[SECURITY] [DSA 3120-1] mantis security update

2015-01-06 20:35:26

securityvulns

[SECURITY] [DSA 3120-1] mantis security update

2015-01-19 00:00:00

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

2015-01-19 00:00:00

[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability

2015-01-02 00:00:00

fedora

[SECURITY] Fedora 21 Update: mantis-1.2.18-1.fc21

2014-12-20 08:51:48

[SECURITY] Fedora 20 Update: mantis-1.2.18-1.fc20

2014-12-20 08:48:12

[SECURITY] Fedora 19 Update: mantis-1.2.18-1.fc19

2014-12-20 08:34:55

archlinux

mantisbt: multiple issues

2014-12-08 00:00:00

mantisbt: arbitrary code execution and unrestricted access

2014-11-12 00:00:00

mantisbt: sql injection

2014-11-05 00:00:00

cve

CVE-2014-8598

2014-11-18 15:59:06

CVE-2014-9089

2014-11-28 15:59:11

CVE-2014-8988

2014-11-24 15:59:14

cvelist

CVE-2014-8598

2014-11-18 15:00:00

CVE-2014-9280

2014-12-08 16:00:00

CVE-2014-9089

2014-11-28 15:00:00

exploitdb

Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)

2014-11-18 00:00:00

Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2)

2014-11-18 00:00:00

metasploit

MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability

2014-11-09 13:00:44

zdt

MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection Exploit

2017-03-23 00:00:00

MantisBT XmlImportExport Plugin PHP Code Injection Exploit

2014-11-16 00:00:00

MantisBT XmlImportExport Plugin PHP Code Injection Exploit

2014-11-18 00:00:00

ubuntucve

CVE-2014-8598

2014-11-18 00:00:00

CVE-2014-9089

2014-11-28 00:00:00

CVE-2014-9270

2014-12-08 00:00:00

prion

Code injection

2014-11-18 15:59:00

Sql injection

2014-11-28 15:59:00

Null pointer dereference

2014-12-08 16:59:00

nvd

CVE-2014-8598

2014-11-18 15:59:06

CVE-2014-9280

2014-12-08 16:59:13

CVE-2014-9089

2014-11-28 15:59:11

veracode

Cross-site Scripting (XSS)

2019-06-26 08:43:59

Protection Mechanism Bypass

2019-06-28 03:44:30

packetstorm

Mantis Bug Tracker 1.2.17 PHP Code Injection

2014-12-31 00:00:00

MantisBT XmlImportExport Plugin PHP Code Injection

2014-11-18 00:00:00

Mantis BugTracker 1.2.19 Open Redirect

2015-01-28 00:00:00

symantec

MantisBT CVE-2013-1934 HTML Injection Vulnerability

2013-01-23 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.353

Percentile

97.2%

JSON

Related for OSV:DSA-3120-1