Submit #18903: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection

Info

Title: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection
Description: In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Sending an empty value as String in the Access parameter, we can get a response with a SQL error.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28413
POC: https://www.exploit-db.com/exploits/49340 https://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html
Details: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Source: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
User: EthicalHCOP (UID 4258)
Submission: 24/08/2021 10:24 AM (5 years ago)
Moderation: 24/08/2021 11:05 AM (41 minutes later)
Status: Duplicate
VulDB entry: 167047 [MantisBT up to 2.24.3 API SOAP mc_project_get_users access SQL injection]
Points: 0
