RSS   Vulnerabilities for 'Mantis bt'   RSS

2014-11-13
 
CVE-2014-8554

 

 
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.

 

 >>> Vendor: Mantisbt 3 Products
Mantisbt
Mantis bt
Mantisbt source integration plugin


Copyright 2017, cxsecurity.com