| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-1042 | 5.8 |
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator
|
12-01-2021 - 18:05 | 10-02-2015 - 20:59 | |
| CVE-2014-9624 | 5.0 |
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
|
20-09-2017 - 18:11 | 12-09-2017 - 14:29 | |
| CVE-2014-9573 | 6.0 |
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
|
08-09-2017 - 01:29 | 26-01-2015 - 15:59 | |
| CVE-2014-9571 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.
|
08-09-2017 - 01:29 | 26-01-2015 - 15:59 | |
| CVE-2014-9572 | 7.5 |
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.
|
08-09-2017 - 01:29 | 26-01-2015 - 15:59 |