Enviar #18903: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injectioninformación

TítuloMantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection
DescripciónIn MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Sending a empty value as String in the Access parameter, we can get a respone with a SQL error. CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28413 POC: https://www.exploit-db.com/exploits/49340 https://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html Details: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Fuente⚠️ https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Usuario
 EthicalHCOP (UID 4258)
Sumisión2021-08-24 10:24 (hace 5 años)
Moderación2021-08-24 11:05 (41 minutes later)
EstadoDuplicado
Entrada de VulDB167047 [MantisBT hasta 2.24.3 API SOAP mc_project_get_users Acceso inyección SQL]
Puntos0

Do you need the next level of professionalism?

Upgrade your account now!