Security Advisory

CVE-2014-8554

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-11-13 15:00:00

Last updated 2024-08-06 13:18:48

Assigner mitre

State PUBLISHED

Description

SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.

← Browse all CVEs View on cve.org ↗