SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-11-13T15:00:00
Updated: 2017-09-07T15:57:01
Reserved: 2014-10-30T00:00:00
Link: CVE-2014-8554
JSON object: View
NVD Information
Status : Modified
Published: 2014-11-13T21:32:11.063
Modified: 2021-01-12T18:05:59.507
Link: CVE-2014-8554
JSON object: View
Redhat Information
No data.
CWE