CVE-2018-6382
Published: Jan 30, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908
x_refsource_MISC
https://mantisbt.org/bugs/view.php?id=23908
x_refsource_MISC