VDB
CVE-2014-2238
CVE-2014-2238
PUBLISHED
CVSS 6.5 MEDIUM
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.
EPSS 45.35% · 97.7th percentile
Risk Scores
CVSS 2.0
6.5
EPSS Score
45.35%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mantisbt | mantisbt | 1.2.13, 1.2.15, 1.2.16 |
| n/a | n/a | n/a |
Timeline
- Mar 4, 2014 PoC Published
- Mar 5, 2014 CVE Published
- Jan 14, 2015 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- [oss-security] 20140228 CVE request: MantisBT 1.2.13 SQL injection vulnerability mailing-list
- [oss-security] 20140304 Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability mailing-list
- 65903 vdb
- http://mantisbt.domainunion.de/bugs/view.php?id=17055 url
- http://www.mantisbt.org/blog/?p=288 url
- mantisbt-admconfigreport-sql-injection(91563) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2014-2238 advisory