Required CVE Record Information
Description
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials by supplying a URL in the hostname parameter and reading the parameters in the response sent to that URL.
References 5 Total
- securityfocus.com: 71359 (vdb-entry)
- https://github.com/mantisbt/mantisbt/commit/0826cef8
- http://www.mantisbt.org/bugs/view.php?id=17877
- seclists.org: [oss-security] 20141129 CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script (mailing-list)
- exchange.xforce.ibmcloud.com: mantisbt-upgradeunattaended-sec-bypass(99031) (vdb-entry)