Submit #18903: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection

Title: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection
Description: In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Sending an empty value as String in the Access parameter, we can get a response with a SQL error.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28413
POC: https://www.exploit-db.com/exploits/49340 https://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html
Details: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Source: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
User: EthicalHCOP (UID 4258)
Submission: 24.08.2021 10:24 (5 years ago)
Moderation: 24.08.2021 11:05 (41 minutes later)
Status: Duplicate
VulDB entry: 167047 [MantisBT up to 2.24.3 API SOAP mc_project_get_users access SQL Injection]
Points: 0
