Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-4349

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

Published

2011-01-03T20:00:43.013

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mantisbt	mantisbt	≤ 1.2.3	Yes
Application	mantisbt	mantisbt	0.18.0	Yes
Application	mantisbt	mantisbt	0.19.0	Yes
Application	mantisbt	mantisbt	0.19.0	Yes
Application	mantisbt	mantisbt	0.19.0a1	Yes
Application	mantisbt	mantisbt	0.19.0a2	Yes
Application	mantisbt	mantisbt	0.19.1	Yes
Application	mantisbt	mantisbt	0.19.2	Yes
Application	mantisbt	mantisbt	0.19.3	Yes
Application	mantisbt	mantisbt	0.19.4	Yes
Application	mantisbt	mantisbt	0.19.5	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0a1	Yes
Application	mantisbt	mantisbt	1.0.0a2	Yes
Application	mantisbt	mantisbt	1.0.0a3	Yes
Application	mantisbt	mantisbt	1.0.1	Yes
Application	mantisbt	mantisbt	1.0.2	Yes
Application	mantisbt	mantisbt	1.0.3	Yes
Application	mantisbt	mantisbt	1.0.4	Yes
Application	mantisbt	mantisbt	1.0.5	Yes
Application	mantisbt	mantisbt	1.0.6	Yes
Application	mantisbt	mantisbt	1.0.7	Yes
Application	mantisbt	mantisbt	1.0.8	Yes
Application	mantisbt	mantisbt	1.1.0	Yes
Application	mantisbt	mantisbt	1.1.1	Yes
Application	mantisbt	mantisbt	1.1.2	Yes
Application	mantisbt	mantisbt	1.1.4	Yes
Application	mantisbt	mantisbt	1.1.5	Yes
Application	mantisbt	mantisbt	1.1.6	Yes
Application	mantisbt	mantisbt	1.1.7	Yes
Application	mantisbt	mantisbt	1.1.8	Yes
Application	mantisbt	mantisbt	1.2.0	Yes
Application	mantisbt	mantisbt	1.2.1	Yes
Application	mantisbt	mantisbt	1.2.2	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html ([email protected])
http://openwall.com/lists/oss-security/2010/12/15/4 Exploit, Patch ([email protected])
http://openwall.com/lists/oss-security/2010/12/16/1 Exploit, Patch ([email protected])
http://secunia.com/advisories/42772 ([email protected])
http://secunia.com/advisories/51199 ([email protected])
http://security.gentoo.org/glsa/glsa-201211-01.xml ([email protected])
http://www.mantisbt.org/blog/?p=123 ([email protected])
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 ([email protected])
http://www.mantisbt.org/bugs/view.php?id=12607 ([email protected])
http://www.vupen.com/english/advisories/2011/0002 ([email protected])
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php Exploit, Patch ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=663230 Exploit, Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/64463 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/12/15/4 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/12/16/1 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42772 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/51199 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201211-01.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.mantisbt.org/blog/?p=123 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mantisbt.org/bugs/view.php?id=12607 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0002 (af854a3a-2127-422b-91ae-364da2661108)
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=663230 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64463 (af854a3a-2127-422b-91ae-364da2661108)