First published: Tue Nov 18 2014(Updated: )
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mantisbt Mantisbt | =1.2.17 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.