CVE-2010-4349

EUVD-2010-4318
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
mantisbtmantisbt
𝑥
≤ 1.2.3
mantisbtmantisbt
0.18.0
mantisbtmantisbt
0.19.0
mantisbtmantisbt
0.19.0:rc1
mantisbtmantisbt
0.19.0a1:a1
mantisbtmantisbt
0.19.0a2:a2
mantisbtmantisbt
0.19.1
mantisbtmantisbt
0.19.2
mantisbtmantisbt
0.19.3
mantisbtmantisbt
0.19.4
mantisbtmantisbt
0.19.5
mantisbtmantisbt
1.0.0
mantisbtmantisbt
1.0.0:rc1
mantisbtmantisbt
1.0.0:rc2
mantisbtmantisbt
1.0.0:rc3
mantisbtmantisbt
1.0.0:rc4
mantisbtmantisbt
1.0.0:rc5
mantisbtmantisbt
1.0.0a1:a1
mantisbtmantisbt
1.0.0a2:a2
mantisbtmantisbt
1.0.0a3:a3
mantisbtmantisbt
1.0.1
mantisbtmantisbt
1.0.2
mantisbtmantisbt
1.0.3
mantisbtmantisbt
1.0.4
mantisbtmantisbt
1.0.5
mantisbtmantisbt
1.0.6
mantisbtmantisbt
1.0.7
mantisbtmantisbt
1.0.8
mantisbtmantisbt
1.1.0
mantisbtmantisbt
1.1.1
mantisbtmantisbt
1.1.2
mantisbtmantisbt
1.1.4
mantisbtmantisbt
1.1.5
mantisbtmantisbt
1.1.6
mantisbtmantisbt
1.1.7
mantisbtmantisbt
1.1.8
mantisbtmantisbt
1.2.0
mantisbtmantisbt
1.2.1
mantisbtmantisbt
1.2.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mantis
dapper
not-affected
hardy
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
http://openwall.com/lists/oss-security/2010/12/15/4
http://openwall.com/lists/oss-security/2010/12/16/1
http://secunia.com/advisories/42772
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://www.mantisbt.org/blog/?p=123
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112
http://www.mantisbt.org/bugs/view.php?id=12607
http://www.vupen.com/english/advisories/2011/0002
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php
https://bugzilla.redhat.com/show_bug.cgi?id=663230
https://exchange.xforce.ibmcloud.com/vulnerabilities/64463
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
http://openwall.com/lists/oss-security/2010/12/15/4
http://openwall.com/lists/oss-security/2010/12/16/1
http://secunia.com/advisories/42772
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://www.mantisbt.org/blog/?p=123
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112
http://www.mantisbt.org/bugs/view.php?id=12607
http://www.vupen.com/english/advisories/2011/0002
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php
https://bugzilla.redhat.com/show_bug.cgi?id=663230
https://exchange.xforce.ibmcloud.com/vulnerabilities/64463