Описание
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS2
Дефекты
Связанные уязвимости
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remot ...
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
EPSS
7.5 High
CVSS2