Required CVE Record Information
Description
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.
References 6 Total
- seclists.org: [oss-security] 20140228 CVE request: MantisBT 1.2.13 SQL injection vulnerability mailing-list
- seclists.org: [oss-security] 20140304 Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability mailing-list
- securityfocus.com: 65903 vdb-entry
- http://mantisbt.domainunion.de/bugs/view.php?id=17055
- http://www.mantisbt.org/blog/?p=288
- exchange.xforce.ibmcloud.com: mantisbt-admconfigreport-sql-injection(91563) vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- seclists.org: [oss-security] 20140228 CVE request: MantisBT 1.2.13 SQL injection vulnerability mailing-listx_transferred
- seclists.org: [oss-security] 20140304 Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability mailing-listx_transferred
- securityfocus.com: 65903 vdb-entryx_transferred
- http://mantisbt.domainunion.de/bugs/view.php?id=17055 x_transferred
- http://www.mantisbt.org/blog/?p=288 x_transferred
- exchange.xforce.ibmcloud.com: mantisbt-admconfigreport-sql-injection(91563) vdb-entryx_transferred