NVD

Id
34603  
Name
CVE-2014-7146  
Description
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-11-18  
Modified Date
2017-01-02  
Seq
2014-7146  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
178146 34603 CVE-2014-7146 [oss-security] 20141108 CVE-2014-7146: MantisBT XmlImportExport plugin PHP Code Injection Vulnerability  View
178147 34603 CVE-2014-7146 62101  View
178148 34603 CVE-2014-7146 DSA-3120  View
178149 34603 CVE-2014-7146 http://www.mantisbt.org/bugs/view.php?id=17725  View
178150 34603 CVE-2014-7146 70993  View
178151 34603 CVE-2014-7146 mantisbt-cve20147146-code-exec(98572)  View
178152 34603 CVE-2014-7146 https://github.com/mantisbt/mantisbt/commit/84017535  View
178153 34603 CVE-2014-7146 https://github.com/mantisbt/mantisbt/commit/bed19db9  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16631 JVNDB-2014-005506 MantisBT の XmlImportExport プラグインにおける任意の PHP コードを実行される脆弱性 MantisBT の XmlImportExport プラグインには、任意の PHP コードを実行される脆弱性が存在します。 CVE-2014-7146 74438 CVE-2014-7146 34603 7.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005506.html 2014-11-01 2014-11-19 View