The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-11-18T15:00:00
Updated: 2017-09-07T15:57:01
Reserved: 2014-09-22T00:00:00
Link: CVE-2014-7146
JSON object: View
NVD Information
Status : Modified
Published: 2014-11-18T15:59:02.500
Modified: 2017-09-08T01:29:15.013
Link: CVE-2014-7146
JSON object: View
Redhat Information
No data.
CWE