Vulnerability CVE-2019-15715
Published: 2019-10-09

Description:
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.

See advisories in our WLB2 database:
Topic
Author
Date
High
Mantis Bug Tracker 2.3.0 Remote Code Execution
Nikolas Geiselma...
19.09.2020

Type:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mantisbt -> Mantisbt 

 References:
https://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501
https://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52
https://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5
https://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c
https://mantisbt.org/bugs/changelog_page.php?project=mantisbt
https://mantisbt.org/bugs/view.php?id=26091
https://mantisbt.org/bugs/view.php?id=26162
Copyright 2024, cxsecurity.com

 

Back to Top