Vulnerability Description
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mantisbt | Mantisbt | <= 1.2.18 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2015/q1/157 (Exploit)
- http://www.securitytracker.com/id/1031633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100210
- https://github.com/mantisbt/mantisbt/commit/69c2d28d
- https://github.com/mantisbt/mantisbt/commit/7cc4539f
- https://www.htbridge.com/advisory/HTB23243
- https://www.mantisbt.org/bugs/view.php?id=17937
- https://www.mantisbt.org/bugs/view.php?id=17940 (Exploit)
FAQ
What is CVE-2014-9573?
CVE-2014-9573 is a vulnerability with a CVSS score of 6.0 (MEDIUM). SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the ...
How severe is CVE-2014-9573?
CVE-2014-9573 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9573?
Check the references section above for vendor advisories and patch information. Affected products include: Mantisbt Mantisbt.