fkie_cve-2014-1608
Vulnerability from fkie_nvd
Published
2014-03-18 17:03
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
References
cve@mitre.orghttp://osvdb.org/103118
cve@mitre.orghttp://secunia.com/advisories/61432
cve@mitre.orghttp://www.debian.org/security/2014/dsa-3030
cve@mitre.orghttp://www.mantisbt.org/bugs/view.php?id=16879
cve@mitre.orghttp://www.ocert.org/advisories/ocert-2014-001.htmlUS Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/65445
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1063111
cve@mitre.orghttps://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/103118
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61432
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3030
af854a3a-2127-422b-91ae-364da2661108http://www.mantisbt.org/bugs/view.php?id=16879
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/advisories/ocert-2014-001.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/65445
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1063111
af854a3a-2127-422b-91ae-364da2661108https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102Exploit, Patch
Impacted products
Vendor Product Version
mantisbt mantisbt *
mantisbt mantisbt 1.2.0
mantisbt mantisbt 1.2.0
mantisbt mantisbt 1.2.0
mantisbt mantisbt 1.2.0
mantisbt mantisbt 1.2.0
mantisbt mantisbt 1.2.0
mantisbt mantisbt 1.2.1
mantisbt mantisbt 1.2.2
mantisbt mantisbt 1.2.3
mantisbt mantisbt 1.2.4
mantisbt mantisbt 1.2.5
mantisbt mantisbt 1.2.6
mantisbt mantisbt 1.2.7
mantisbt mantisbt 1.2.8
mantisbt mantisbt 1.2.9
mantisbt mantisbt 1.2.10
mantisbt mantisbt 1.2.11
mantisbt mantisbt 1.2.13
mantisbt mantisbt 1.2.14
debian debian_linux 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED59DEDF-08A2-4BEB-9DE3-0205CA2D69B4",
              "versionEndIncluding": "1.2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF77ABF-0A03-437A-B241-1EF2BBB83D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "9DA2615A-CD65-4765-AB0A-D72C2BEB00F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "7D09CC46-DFA2-408D-8720-05C23E73C859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "3461212B-A96B-4D38-A722-84E7418C2A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7B6DEE14-744B-4DE4-BDCF-E4E4D37F70A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D4462BEE-39B6-47BD-B08F-5BE1FD918221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66AB537-6FBA-4A51-B10C-BF61F54BC01B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50835BF-D28B-47FF-81F0-C34D95D6F2E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA0EB9A6-1DFD-4C17-A002-0899DA252A56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA33285-3EE7-43FD-8347-E7D9A18DC134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8827C2B4-EBEC-4D64-9AC8-07A048467F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F32DFF4-6448-46FD-9358-4FB1C310EC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20328CE4-0488-43B8-AA64-A6CB2230C74C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDEB950-D3F4-4B96-B456-B8441DC403D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE69E6A6-8CD2-4C8A-A30A-CB0A04AC539F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D464F7CF-A156-4EE5-BB59-6C759448EB23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F1BFB72-CDD6-466E-ACAD-EA442D11C22F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD11DD1B-EC1C-48F4-B4C6-1CF6A0F80970",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n mci_file_get en api/soap/mc_file_api.php en MantisBT anterior a 1.2.16 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de una etiqueta envolvente manipulada en una solicitud mc_issue_attachment_get SOAP."
    }
  ],
  "id": "CVE-2014-1608",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-18T17:03:00.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/103118"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/61432"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-3030"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mantisbt.org/bugs/view.php?id=16879"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2014-001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/65445"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063111"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/103118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mantisbt.org/bugs/view.php?id=16879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2014-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.