CVE-2014-9279

The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
mantisbtmantisbt
1.0.0:a3
mantisbtmantisbt
1.0.0:rc1
mantisbtmantisbt
1.0.0:rc2
mantisbtmantisbt
1.0.0:rc3
mantisbtmantisbt
1.0.0:rc4
mantisbtmantisbt
1.0.0:rc5
mantisbtmantisbt
1.0.1
mantisbtmantisbt
1.0.2
mantisbtmantisbt
1.0.3
mantisbtmantisbt
1.0.4
mantisbtmantisbt
1.0.5
mantisbtmantisbt
1.0.6
mantisbtmantisbt
1.0.7
mantisbtmantisbt
1.0.8
mantisbtmantisbt
1.0.9
mantisbtmantisbt
1.1.0
mantisbtmantisbt
1.1.0:a1
mantisbtmantisbt
1.1.0:a2
mantisbtmantisbt
1.1.0:a3
mantisbtmantisbt
1.1.0:a4
mantisbtmantisbt
1.1.0:rc1
mantisbtmantisbt
1.1.0:rc2
mantisbtmantisbt
1.1.0:rc3
mantisbtmantisbt
1.1.1
mantisbtmantisbt
1.1.2
mantisbtmantisbt
1.1.3
mantisbtmantisbt
1.1.4
mantisbtmantisbt
1.1.5
mantisbtmantisbt
1.1.6
mantisbtmantisbt
1.1.7
mantisbtmantisbt
1.1.8
mantisbtmantisbt
1.1.9
mantisbtmantisbt
1.2.0
mantisbtmantisbt
1.2.0:alpha1
mantisbtmantisbt
1.2.0:alpha2
mantisbtmantisbt
1.2.0:alpha3
mantisbtmantisbt
1.2.0:rc1
mantisbtmantisbt
1.2.0:rc2
mantisbtmantisbt
1.2.1
mantisbtmantisbt
1.2.10
mantisbtmantisbt
1.2.11
mantisbtmantisbt
1.2.12
mantisbtmantisbt
1.2.13
mantisbtmantisbt
1.2.14
mantisbtmantisbt
1.2.15
mantisbtmantisbt
1.2.16
mantisbtmantisbt
1.2.17
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mantis
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q4/863
http://www.mantisbt.org/bugs/view.php?id=17877
http://www.securityfocus.com/bid/71359
https://exchange.xforce.ibmcloud.com/vulnerabilities/99031
https://github.com/mantisbt/mantisbt/commit/0826cef8
http://seclists.org/oss-sec/2014/q4/863
http://www.mantisbt.org/bugs/view.php?id=17877
http://www.securityfocus.com/bid/71359
https://exchange.xforce.ibmcloud.com/vulnerabilities/99031
https://github.com/mantisbt/mantisbt/commit/0826cef8