ID de Prueba:	1.3.6.1.4.1.25623.1.0.105902
Categoría:	Web application abuses
Título:	MantisBT < 1.2.16 Multiple SQLi Vulnerabilities
Resumen:	There are multiple SQL injection (SQLi) vulnerabilities in; MantisBT which allow a remote attacker to access or modify data.
Descripción:	Summary: There are multiple SQL injection (SQLi) vulnerabilities in MantisBT which allow a remote attacker to access or modify data. Vulnerability Insight: Use of db_query() instead of db_query_bound() allowed SQL injection attacks due to unsanitized use of parameters within the query when using the SOAP API mc_project_get_attachments, news_get_limited_rows, summary_print_by_enum, summary_print_by_age, summary_print_by_developer, summary_print_by_reporter, summary_print_by_category, create_bug_enum_summary, enum_bug_group function and mc_issue_attachment_get. Vulnerability Impact: A remote attacker can compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: MantisBT 1.2.15 and prior. Solution: Update to version 1.2.16 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1608 BugTraq ID: 65445 http://www.securityfocus.com/bid/65445 Debian Security Information: DSA-3030 (Google Search) http://www.debian.org/security/2014/dsa-3030 http://www.ocert.org/advisories/ocert-2014-001.html http://osvdb.org/103118 http://secunia.com/advisories/61432 Common Vulnerability Exposure (CVE) ID: CVE-2014-1609 BugTraq ID: 65461 http://www.securityfocus.com/bid/65461
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.