Test ID: 1.3.6.1.4.1.25623.1.0.805267
Category: Web application abuses
Title: MantisBT < 1.2.19, 1.3.x < 1.3.0-beta.2 Multiple Vulnerabilities
Summary: MantisBT is prone to multiple vulnerabilities.

Description:

Summary: MantisBT is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws are due to:
- Insufficient filtering of input data passed via the 'admin_username' and 'admin_password' HTTP GET parameters to the '/install.php' script.
- Insufficient access restrictions on the installation script 'install.php' when the HTTP GET 'install' parameter is set to '4'.
- One can get an unlimited amount of 'samples' with different perturbations for the same challenge.
- Insufficient filtering of the 'MANTIS_MANAGE_USERS_COOKIE' HTTP cookie in the '/manage_user_page.php' script.

Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server, access the installation script and obtain database access credentials, and conduct SQL injection attacks.

Affected Software/OS: MantisBT versions before 1.2.19 and 1.3.x before 1.3.0-beta.2.

Solution: Update to version 1.2.19, 1.3.0-beta.2 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:

Common Vulnerability Exposure (CVE) ID: CVE-2014-9573
- https://www.htbridge.com/advisory/HTB23243
- http://seclists.org/oss-sec/2015/q1/157
- http://www.securitytracker.com/id/1031633
- XForce ISS Database: mantisbt-cve20149573-sql-injection(100210) https://exchange.xforce.ibmcloud.com/vulnerabilities/100210

Common Vulnerability Exposure (CVE) ID: CVE-2014-9572
- http://seclists.org/oss-sec/2015/q1/158
- XForce ISS Database: mantisbt-cve20149572-sec-bypass(100211) https://exchange.xforce.ibmcloud.com/vulnerabilities/100211

Common Vulnerability Exposure (CVE) ID: CVE-2014-9571
- http://seclists.org/oss-sec/2015/q1/156
- XForce ISS Database: mantisbt-cve20149571-xss(100209) https://exchange.xforce.ibmcloud.com/vulnerabilities/100209

Common Vulnerability Exposure (CVE) ID: CVE-2014-9624
- http://www.openwall.com/lists/oss-security/2015/01/18/11
- XForce ISS Database: mantisbt-cve20149624-sec-bypass(100213) https://exchange.xforce.ibmcloud.com/vulnerabilities/100213

Common Vulnerability Exposure (CVE) ID: CVE-2014-9701
- http://www.openwall.com/lists/oss-security/2015/03/15/2

Copyright: Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about how to run a complete security audit. To run a free test of this vulnerability against your system, register now.