CVE-2020-28413

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 5.3

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.

Ссылки

http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html
Exploit
Third Party Advisory
https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Third Party Advisory
http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html
Exploit
Third Party Advisory
https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mantisbt:mantisbt:2.24.3:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02421

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2020-28413

CVSS3: 5.3

ubuntu

около 5 лет назад

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.

CVE-2020-28413

CVSS3: 5.3

debian

около 5 лет назад

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" ...

GHSA-49w9-82cj-xr48

CVSS3: 5.3

github

больше 3 лет назад

MantisBT SQL Injection via mc_project_get_users function

EPSS

Процентиль: 85%

0.02421

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89