CVE-2014-9388

Published: Dec 17, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.

Affected (1)

Products: Mantisbt: Mantisbt

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mantisbt Mantisbt	Up to 1.2.17

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (10)

http://seclists.org/oss-sec/2014/q4/955

Source: cve@mitre.org

http://secunia.com/advisories/62101

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3120

Source: cve@mitre.org

https://www.mantisbt.org/bugs/changelog_page.php?version_id=191

Source: cve@mitre.org

Vendor Advisory

https://www.mantisbt.org/bugs/view.php?id=17878

Source: cve@mitre.org

Vendor Advisory

http://seclists.org/oss-sec/2014/q4/955

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62101

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3120

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mantisbt.org/bugs/changelog_page.php?version_id=191

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mantisbt.org/bugs/view.php?id=17878

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.