MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities

high Nessus Plugin ID 73226

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its version number, the MantisBT install hosted on the remote web server is 1.1.0 or later but prior to 1.2.16. It is, therefore, affected by multiple vulnerabilities:

- A cross-site scripting flaw exists in 'account_sponsor_page.php', where the 'project_id' parameter is not validated upon submission. With a specially crafted request, a remote attacker could execute arbitrary script code within the browser / server trust relationship. (CVE-2013-4460)

- A SQL injection flaw exists in the SOAP API's use of the 'db_query()' function, where user-supplied input submitted via the 'mc_issue_attachment_get' SOAP request is not properly sanitized. This could allow a remote attacker to inject or manipulate SQL queries, allowing for the manipulation or disclosure of arbitrary data. This issue affects version 1.1.0a4 or later. (CVE-2014-1608)

- SQL injection flaws exist in the 'core/news_api.php', 'core/summary_api.php', 'plugins/MantisGraph/core/graph_api.php', 'api/soap/mc_project_api.php', and 'proj_doc_page.php' pages. This could allow a remote attacker to inject or manipulate SQL queries, allowing for the manipulation or disclosure of arbitrary data. This issue only affects versions 1.2.0 - 1.2.15. (CVE-2014-1609)

Note that Nessus has relied only on the self-reported version number and has not actually tried to exploit these issues.

Solution

Upgrade to version 1.2.16 or later.

See Also

https://mantisbt.org/blog/archives/mantisbt/275

https://mantisbt.org/bugs/view.php?id=16513

https://mantisbt.org/bugs/view.php?id=16879

https://mantisbt.org/bugs/view.php?id=16880

Plugin Details

Severity: High

ID: 73226

File Name: mantis_1_2_16.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 3/27/2014

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: installed_sw/MantisBT, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 2/8/2014

Vulnerability Publication Date: 10/19/2013

Reference Information

CVE: CVE-2013-4460, CVE-2014-1608, CVE-2014-1609

BID: 63273, 65445, 65461

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990