Submit #18903: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection

Title: Mantis Bug Tracker 2.24.3 API SOAP Blind SQL Injection
Description: In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. Sending an empty value as String in the Access parameter, we can get a response with a SQL error. CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-28413 POC: https://www.exploit-db.com/exploits/49340 https://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html Details: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
Source: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
User: EthicalHCOP (UID 4258)
Submission: 24/08/2021 10h24 (5 years ago)
Moderation: 24/08/2021 11h05 (41 minutes later)
Status: Duplicate
VulDB entry: 167047 [MantisBT up to 2.24.3 API SOAP mc_project_get_users access SQL injection]
Points: 0
