NVD

Id
15605  
Name
CVE-2010-4350  
Description
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2011-01-03  
Modified Date
2013-08-26  
Seq
2010-4350  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
88379 15605 CVE-2010-4350 FEDORA-2010-19070  View
88380 15605 CVE-2010-4350 FEDORA-2010-19078  View
88381 15605 CVE-2010-4350 [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability  View
88382 15605 CVE-2010-4350 [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability  View
88383 15605 CVE-2010-4350 GLSA-201211-01  View
88384 15605 CVE-2010-4350 http://www.mantisbt.org/blog/?p=123  View
88385 15605 CVE-2010-4350 http://www.mantisbt.org/bugs/changelog_page.php?version_id=112  View
88386 15605 CVE-2010-4350 http://www.mantisbt.org/bugs/view.php?id=12607  View
88387 15605 CVE-2010-4350 ADV-2011-0002  View
88388 15605 CVE-2010-4350 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php  View
88389 15605 CVE-2010-4350 https://bugzilla.redhat.com/show_bug.cgi?id=663230  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
37651 JVNDB-2010-003436 MantisBT の admin/upgrade_unattended.php におけるディレクトリトラバーサルの脆弱性 MantisBT の admin/upgrade_unattended.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2010-4350 46930 CVE-2010-4350 15605 5.1 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003436.html 2010-12-14 2012-03-27 View