CVE-2018-6382

Опубликовано: 30 янв. 2018

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass

Ссылки

http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908
Vendor Advisory
https://mantisbt.org/bugs/view.php?id=23908
Issue Tracking
Vendor Advisory
http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908
Vendor Advisory
https://mantisbt.org/bugs/view.php?id=23908
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mantisbt:mantisbt:2.10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00094

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2018-6382

CVSS3: 3.3

debian

около 8 лет назад

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks vi ...

GHSA-mqw5-jgj7-2qpp

CVSS3: 3.3

github

больше 3 лет назад

** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass.

EPSS

Процентиль: 27%

0.00094

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-89