MantisBT 1.2.x < 1.2.18 Multiple Vulnerabilities

high Nessus Plugin ID 80914

Synopsis

The remote web server contains a PHP application that is affected by multiple vulnerabilities.

Description

According to its version number, the MantisBT application hosted on the remote web server is 1.2.x prior to 1.2.18. It is, therefore, affected by the following vulnerabilities:

- Multiple input-validation errors exist that could allow cross-site scripting attacks. (CVE-2014-7146, CVE-2014-8986, CVE-2014-8987, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9280, CVE-2014-9281)

- Two unspecified errors exist that could allow SQL injection attacks. (CVE-2014-8554, CVE-2014-9089)

- Three unspecified errors exist that could allow information disclosure attacks. (CVE-2014-8553, CVE-2014-8988, CVE-2014-9279)

- An error exists in the file 'core/string_api.php' that could allow open redirect attacks. (CVE-2014-6316)

- An error exists in the file 'gpc_api.php' that could allow an attacker to bypass authentication protections by using a password that starts with a NULL byte. (CVE-2014-6387)

- An error exists in the 'XML Import/Export' plugin that could allow unauthorized attackers to upload XML files or obtain sensitive information. (CVE-2014-8598)

- An error exists related to the CAPTCHA protection mechanism and the parameter 'public_key' that could allow security bypasses. (CVE-2014-9117)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 1.2.18 or later.

See Also

https://mantisbt.org/blog/archives/mantisbt/301

https://www.mantisbt.org/bugs/changelog_page.php?version_id=191

Plugin Details

Severity: High

ID: 80914

File Name: mantis_1_2_18.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 1/22/2015

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: installed_sw/MantisBT, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/6/2014

Vulnerability Publication Date: 12/6/2014

Exploitable With

Metasploit (MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability)

Reference Information

CVE: CVE-2014-6316, CVE-2014-6387, CVE-2014-7146, CVE-2014-8553, CVE-2014-8554, CVE-2014-8598, CVE-2014-8986, CVE-2014-8987, CVE-2014-8988, CVE-2014-9089, CVE-2014-9117, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9279, CVE-2014-9280, CVE-2014-9281

BID: 70856, 70993, 70996, 71104, 71321, 71359, 71361, 71371, 71372, 71478

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990