Submit #18903: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection

Title: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection
Description: In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Sending an empty value as a String in the Access parameter, we can get a response with an SQL error.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28413
POC: https://www.exploit-db.com/exploits/49340 https://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html
Details: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Source: ⚠️ https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
User: EthicalHCOP (UID 4258)
Submission: 24/08/2021 10:24 (5 years ago)
Moderation: 24/08/2021 11:05 (41 minutes later)
Status: Duplicate
VulDB entry: 167047 [MantisBT up to 2.24.3 API SOAP mc_project_get_users access SQL injection]
Points: 0
