CVE-2014-7146

The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mantisbt:mantisbt:1.2.17:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-11-18 15:59

Updated : 2024-02-04 18:35


NVD link : CVE-2014-7146

Mitre link : CVE-2014-7146

CVE.ORG link : CVE-2014-7146


JSON object : View

Products Affected

mantisbt

  • mantisbt
CWE
CWE-20

Improper Input Validation