CVE-2014-7146

Related Files

Debian Security Advisory 3120-1

Posted Jan 7, 2015

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3120-1 - Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.

tags | advisory, arbitrary, php, xss, sql injection, info disclosure

systems | linux, debian

advisories | CVE-2014-6316, CVE-2014-7146, CVE-2014-8553, CVE-2014-8554, CVE-2014-8598, CVE-2014-8986, CVE-2014-8988, CVE-2014-9089, CVE-2014-9117, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9280, CVE-2014-9281, CVE-2014-9388

SHA-256 | 8b72c564f64e337de7047ae5659136032afcdbff013f3cec70d686cb7d778df9

Download | Favorite | View

Mantis Bug Tracker 1.2.17 PHP Code Injection

Posted Dec 31, 2014

Authored by EgiX

Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability.

tags | exploit, php

advisories | CVE-2014-7146

SHA-256 | 5123adecd54a72a557dfcb5fa13fb9a040dc8f7303ed28a65d028c74cd29df24

Download | Favorite | View

MantisBT XmlImportExport Plugin PHP Code Injection

Posted Nov 18, 2014

Authored by EgiX | Site metasploit.com

This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes to preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.

tags | exploit, remote, arbitrary, php

advisories | CVE-2014-7146

SHA-256 | 48a52817bee791b7eaeae5d5e9a609d2d96fd14642c96da155fb1a16a00bf9c9

Download | Favorite | View