fkie_nvd - fkie_cve-2014-9279

fkie_cve-2014-9279

Vulnerability from fkie_nvd

Published

2014-12-08 16:59

Modified

2024-11-21 02:20

Severity ?

Summary

The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL.

References

URL	Tags
cve@mitre.org	http://seclists.org/oss-sec/2014/q4/863
cve@mitre.org	http://www.mantisbt.org/bugs/view.php?id=17877	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/71359
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/99031
cve@mitre.org	https://github.com/mantisbt/mantisbt/commit/0826cef8	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2014/q4/863
af854a3a-2127-422b-91ae-364da2661108	http://www.mantisbt.org/bugs/view.php?id=17877	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/71359
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/99031
af854a3a-2127-422b-91ae-364da2661108	https://github.com/mantisbt/mantisbt/commit/0826cef8	Vendor Advisory

Impacted products

Vendor	Product	Version
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.0
mantisbt	mantisbt	1.0.1
mantisbt	mantisbt	1.0.2
mantisbt	mantisbt	1.0.3
mantisbt	mantisbt	1.0.4
mantisbt	mantisbt	1.0.5
mantisbt	mantisbt	1.0.6
mantisbt	mantisbt	1.0.7
mantisbt	mantisbt	1.0.8
mantisbt	mantisbt	1.0.9
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.0
mantisbt	mantisbt	1.1.1
mantisbt	mantisbt	1.1.2
mantisbt	mantisbt	1.1.3
mantisbt	mantisbt	1.1.4
mantisbt	mantisbt	1.1.5
mantisbt	mantisbt	1.1.6
mantisbt	mantisbt	1.1.7
mantisbt	mantisbt	1.1.8
mantisbt	mantisbt	1.1.9
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.0
mantisbt	mantisbt	1.2.1
mantisbt	mantisbt	1.2.10
mantisbt	mantisbt	1.2.11
mantisbt	mantisbt	1.2.12
mantisbt	mantisbt	1.2.13
mantisbt	mantisbt	1.2.14
mantisbt	mantisbt	1.2.15
mantisbt	mantisbt	1.2.16
mantisbt	mantisbt	1.2.17

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "BEF461E5-24D2-4540-A2FC-E0D4C3488B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62F6B391-DDE3-4E8E-8582-85EA7287E591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "80DBD667-1FB9-4354-9150-A190D4D817A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F27E40C0-263F-452B-8C91-E621A02EFC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "CB888B14-EA67-4EDB-A3AF-ACD3F0A6227E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "1DB45A02-2522-4E10-BC81-48750ACB42DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "86DE3BE3-D6C9-4905-9E61-B70776460604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F128A2E2-D509-4B50-95C2-1A31C5B3B31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "140D5F68-1CAB-458C-BC8B-4F726D657FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D25F4F5-7678-41C1-93CB-305883A08527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A1316D-314B-4740-A836-D5E6319F4B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBD27CCE-28C4-43CC-8CBD-D7FFB46171AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97298C43-B881-4C11-ADB6-17A8E43EB84E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7257ADD7-C9B7-4F85-AA13-615DD033FD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE6A94C0-48A1-4D42-AC43-7B4E959C4E21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FE950B-5E29-4FAA-9BE5-79F38B4C38F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "45FF2B45-AA64-4428-8F6E-65C5171990CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "CC868663-1E48-4F9A-B687-5B48D016611B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "4F04ED02-4D99-45CF-9BEC-AC0F648748EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:a4:*:*:*:*:*:*",
              "matchCriteriaId": "0AC08731-C4BB-4D84-ADBE-80054149BF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "35AAF0B4-31B5-4849-813F-63D9546C2E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "FB98EF06-7D6E-4D5F-819D-21B437E91B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "66AB409E-5A5B-4455-8B68-22C32152681B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F2BA78-D054-4E49-ABCA-637922898BF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4595B1E3-25AB-489E-A847-FDBF2554DD6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6A13A38-E149-42A7-9309-BC991521320B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11A8F17-5253-475B-89FF-A26EA7531E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A88B09D-CDCF-45FD-B004-13B597DA4F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "49583BE8-B832-4E9F-B154-47A26C72489D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2501F40-3630-4528-BE0A-61D4BB6EC7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9223DAF7-D03E-4A4E-8AB5-5CEB87DFF2C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "078C0943-C27C-44A9-B00D-5A261C58D6CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF77ABF-0A03-437A-B241-1EF2BBB83D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "9DA2615A-CD65-4765-AB0A-D72C2BEB00F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "7D09CC46-DFA2-408D-8720-05C23E73C859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "3461212B-A96B-4D38-A722-84E7418C2A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7B6DEE14-744B-4DE4-BDCF-E4E4D37F70A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D4462BEE-39B6-47BD-B08F-5BE1FD918221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F096CD6-534E-4ABF-B2DF-D4B55B8C5F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE69E6A6-8CD2-4C8A-A30A-CB0A04AC539F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D464F7CF-A156-4EE5-BB59-6C759448EB23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97BF96E-2FD0-4D5E-B736-8CCE6E8A34B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F1BFB72-CDD6-466E-ACAD-EA442D11C22F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD11DD1B-EC1C-48F4-B4C6-1CF6A0F80970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5899A557-AC72-4CB0-984F-F274AE5932BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75A6F79-C5D5-4612-9976-B54664A5E29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mantisbt:mantisbt:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C54ABCB-AD1B-4C34-927A-D9D560EA4C07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n print_test_result en admin/upgrade_unattended.php en MantisBT 1.1.0a3 hasta 1.2.x anterior a 1.2.18 permite a atacantes remotos obtener las credenciales de la base de datos a trav\u00e9s de una URL en el par\u00e1metro hostname y la lectura de los par\u00e1metros en la respuesta enviada a la URL."
    }
  ],
  "id": "CVE-2014-9279",
  "lastModified": "2024-11-21T02:20:32.707",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-08T16:59:12.917",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q4/863"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mantisbt.org/bugs/view.php?id=17877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/71359"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99031"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/0826cef8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q4/863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mantisbt.org/bugs/view.php?id=17877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/mantisbt/mantisbt/commit/0826cef8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-9279

Vulnerability from cvelistv5

Published

2014-12-08 16:00

Modified

2024-08-06 13:40