CVE-2018-6382
N/A
N/A
Summary
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908
- https://mantisbt.org/bugs/view.php?id=23908
References
- http://archive.is/https:/mantisbt.org/bugs/view.php?id=23908
- https://mantisbt.org/bugs/view.php?id=23908
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.