Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-4350

Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

Published

2011-01-03T20:00:43.043

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

4.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mantisbt	mantisbt	≤ 1.2.3	Yes
Application	mantisbt	mantisbt	0.18.0	Yes
Application	mantisbt	mantisbt	0.19.0	Yes
Application	mantisbt	mantisbt	0.19.0	Yes
Application	mantisbt	mantisbt	0.19.0a1	Yes
Application	mantisbt	mantisbt	0.19.0a2	Yes
Application	mantisbt	mantisbt	0.19.1	Yes
Application	mantisbt	mantisbt	0.19.2	Yes
Application	mantisbt	mantisbt	0.19.3	Yes
Application	mantisbt	mantisbt	0.19.4	Yes
Application	mantisbt	mantisbt	0.19.5	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0	Yes
Application	mantisbt	mantisbt	1.0.0a1	Yes
Application	mantisbt	mantisbt	1.0.0a2	Yes
Application	mantisbt	mantisbt	1.0.0a3	Yes
Application	mantisbt	mantisbt	1.0.1	Yes
Application	mantisbt	mantisbt	1.0.2	Yes
Application	mantisbt	mantisbt	1.0.3	Yes
Application	mantisbt	mantisbt	1.0.4	Yes
Application	mantisbt	mantisbt	1.0.5	Yes
Application	mantisbt	mantisbt	1.0.6	Yes
Application	mantisbt	mantisbt	1.0.7	Yes
Application	mantisbt	mantisbt	1.0.8	Yes
Application	mantisbt	mantisbt	1.1.0	Yes
Application	mantisbt	mantisbt	1.1.1	Yes
Application	mantisbt	mantisbt	1.1.2	Yes
Application	mantisbt	mantisbt	1.1.4	Yes
Application	mantisbt	mantisbt	1.1.5	Yes
Application	mantisbt	mantisbt	1.1.6	Yes
Application	mantisbt	mantisbt	1.1.7	Yes
Application	mantisbt	mantisbt	1.1.8	Yes
Application	mantisbt	mantisbt	1.2.0	Yes
Application	mantisbt	mantisbt	1.2.1	Yes
Application	mantisbt	mantisbt	1.2.2	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html ([email protected])
http://openwall.com/lists/oss-security/2010/12/15/5 Exploit, Patch ([email protected])
http://openwall.com/lists/oss-security/2010/12/16/2 Exploit, Patch ([email protected])
http://secunia.com/advisories/42772 ([email protected])
http://secunia.com/advisories/51199 ([email protected])
http://security.gentoo.org/glsa/glsa-201211-01.xml ([email protected])
http://www.mantisbt.org/blog/?p=123 ([email protected])
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 Exploit, Patch ([email protected])
http://www.mantisbt.org/bugs/view.php?id=12607 ([email protected])
http://www.vupen.com/english/advisories/2011/0002 ([email protected])
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php Exploit, Patch ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=663230 Exploit, Patch ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/12/15/5 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2010/12/16/2 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42772 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/51199 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201211-01.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.mantisbt.org/blog/?p=123 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.mantisbt.org/bugs/view.php?id=12607 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0002 (af854a3a-2127-422b-91ae-364da2661108)
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=663230 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)