MantisBT
MantisBT versions prior to 2.28.1 contain an authentication bypass vulnerability in the SOAP API caused by improper type checking on the password parameter when running on MySQL family databases. An attacker who knows a victim's username can log in to the SOAP API without knowing the correct password and execute any API function available to that account. A CVSS score has not yet been assigned. The vulnerability is patched in version 2.28.1; disabling the SOAP API reduces but does not eliminate the risk.
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable without authentication and with low attack complexity.
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.