CVE Vulnerabilities

CVE-2014-8598

Published: Nov 18, 2014 | Modified: Sep 08, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.4 MEDIUM (AV:N/AC:L/Au:N/C:P/I:P/A:N)
RedHat/V2
RedHat/V3
Ubuntu: MEDIUM

The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.

Affected Software

Name | Vendor | Start Version | End Version
Mantisbt | Mantisbt | * | 1.2.17 (including)
Mantis | Ubuntu | lucid | *
Mantis | Ubuntu | precise | *

References