CVE-2014-7146 in MantisBT

Summary

The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.

Reservation

09/22/2014

Disclosure

11/18/2014

Entries

1

CPE

ready

CWE

CWE-20

Exploit

Download

CVSS

6.3

EPSS

0.80388

CTI

0.00
