CVE-2020-28413
published 2020-12-30CVE-2020-28413: In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
PriorityP352medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
4.86%
90.9th percentile
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mantisbt | mantisbt | — | — |
| mantisbt | mantisbt | >= 0 < 2.24.4 | 2.24.4 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
MantisBT SQL Injection via mc_project_get_users function
ghsa·2022-05-24
CVE-2020-28413 [MEDIUM] CWE-89 MantisBT SQL Injection via mc_project_get_users function
MantisBT SQL Injection via mc_project_get_users function
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
OSV
MantisBT SQL Injection via mc_project_get_users function
osv·2022-05-24
CVE-2020-28413 [MEDIUM] MantisBT SQL Injection via mc_project_get_users function
MantisBT SQL Injection via mc_project_get_users function
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.htmlhttps://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046dhttp://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.htmlhttps://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d
2020-12-30
Published