MantisBT XmlImportExport Plugin 'ImportXml.php' Arbitrary PHP Code Execution Vulnerability

Bugtraq ID: 70993
Class: Input Validation Error
CVE: CVE-2014-7146
Remote: Yes
Local: No
Published: Nov 08 2014 12:00AM
Updated: Apr 13 2015 09:31PM
Credit: Egidio 'EgiX' Romano
Vulnerable: Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.2.16
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2 RC2
Mantisbt Mantisbt 1.2 RC1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.1 rc3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0 RC3
Mantisbt Mantisbt 1.0 rc2
Mantisbt Mantisbt 1.0 RC1
Mantisbt Mantisbt 1.0
Mantisbt Mantisbt 0.19.5
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 0.19.2
Mantisbt Mantisbt 0.19
Mantisbt Mantisbt 0.18
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.0rc1
Mantisbt Mantisbt 1.2.0 A3
Mantisbt Mantisbt 1.2.0 A2
Mantisbt Mantisbt 1.2.0 A1
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.0 Rc2
Mantisbt Mantisbt 1.1.0 Rc1
Mantisbt Mantisbt 1.1.0 A4
Mantisbt Mantisbt 1.1.0 A3
Mantisbt Mantisbt 1.1.0 A2
Mantisbt Mantisbt 1.1.0 A1
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.9
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0 RC5
Mantisbt Mantisbt 1.0.0 Rc4
Mantisbt Mantisbt 1.0.0 A3
Mantisbt Mantisbt 1.0.0 A2
Mantisbt Mantisbt 1.0.0 A1
Mantisbt Mantisbt 0.19.1
Mantisbt Mantisbt 0.19.0 Rc1
Mantisbt Mantisbt 0.19.0 A2
Mantisbt Mantisbt 0.19.0 A1
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable:


 

Copyright 2010, SecurityFocus