Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-8554

SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014103...
MLIST: [oss-security] 2014110...
CONFIRM: http://www.mantisbt.or...
CONFIRM: http://www.mantisbt.or...
BID: 70856
DEBIAN: DSA-3120
SECUNIA: 62101
XF: mantisbt-cve20148554-s...

Launchpad.net

CVE 2014-8554

Related bugs

References