There are multiple SQL Injection vulnerabilities in MantisBT which allow a remote attacker to access or modify data.

A remote attacker can compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Upgrade to verion 1.2.16 or higher.

Use of db_query() instead of db_query_bound() allowed SQL injection attacks due to unsanitized use of parameters within the query when using the SOAP API mc_project_get_attachments, news_get_limited_rows, summary_print_by_enum, summary_print_by_age, summary_print_by_developer, summary_print_by_reporter, summary_print_by_category, create_bug_enum_summary, enum_bug_group function and mc_issue_attachment_get.

MantisBT Version 1.2.15 and prior.

Check the version

• http://www.mantisbt.org/bugs/view.php?id=16879
• http://www.mantisbt.org/bugs/view.php?id=16880
• http://www.securityfocus.com/bid/65445
• http://www.securityfocus.com/bid/65461

---

Updated on 2015-03-25