CVE-2020-28413
Severity: MEDIUM; WAF coverage: High
CVSS 6.5
Published: 2020-12-30
CWE-89
In MantisBT 2.24.3, SQL injection can occur in the "access" parameter of the mc_project_get_users function through the SOAP API.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mantisbt | mantisbt | 2.24.3 |
References
- packetstormsecurity.com (Exploit, Third Party Advisory)
- ethicalhcop.medium.com (Third Party Advisory)