CVE-2014-8598
Published: Nov 18, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://github.com/mantisbt/mantisbt/commit/80a15487 | x_refsource_CONFIRM |
| [oss-security] 20141108 CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access | mailing-list, x_refsource_MLIST |
| mantisbt-cve20148598-sec-bypass(98573) | vdb-entry, x_refsource_XF |
| 70996 | vdb-entry, x_refsource_BID |
| http://www.mantisbt.org/bugs/view.php?id=17780 | x_refsource_CONFIRM |
| 62101 | third-party-advisory, x_refsource_SECUNIA |
| DSA-3120 | vendor-advisory, x_refsource_DEBIAN |