Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
PHP
SQLi
Debian Linux
Mantisbt
NVD
GitHub
VulDB
CVSS 2.0
7.5
EPSS
0.6%