Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-4350 | First vendor Publication | 2011-01-03 |
Vendor | Cve | Last vendor Modification | 2013-08-27 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4350 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-11-16 | Name : Gentoo Security Advisory GLSA 201211-01 (MantisBT) File : nvt/glsa_201211_01.nasl |
2011-01-08 | Name : MantisBT Multiple Vulnerabilities File : nvt/gb_mantisbt_mult_vuln.nasl |
2011-01-04 | Name : Fedora Update for mantis FEDORA-2010-19070 File : nvt/gb_fedora_2010_19070_mantis_fc13.nasl |
2011-01-04 | Name : Fedora Update for mantis FEDORA-2010-19078 File : nvt/gb_fedora_2010_19078_mantis_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70157 | MantisBT admin/upgrade_unattended.php db_type Parameter Traversal Local File ... MantisBT contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the admin/upgrade_unattended.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'db_type' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-11-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201211-01.nasl - Type : ACT_GATHER_INFO |
2011-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19070.nasl - Type : ACT_GATHER_INFO |
2011-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19078.nasl - Type : ACT_GATHER_INFO |
2010-12-22 | Name : The remote web server contains a web application that is susceptible to a loc... File : mantis_db_type_lfi.nasl - Type : ACT_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:14:34 |
|
2024-02-01 12:04:04 |
|
2023-09-05 12:13:34 |
|
2023-09-05 01:03:55 |
|
2023-09-02 12:13:40 |
|
2023-09-02 01:03:58 |
|
2023-08-12 12:16:16 |
|
2023-08-12 01:03:58 |
|
2023-08-11 12:13:43 |
|
2023-08-11 01:04:07 |
|
2023-08-06 12:13:11 |
|
2023-08-06 01:04:00 |
|
2023-08-04 12:13:16 |
|
2023-08-04 01:04:00 |
|
2023-07-14 12:13:13 |
|
2023-07-14 01:03:58 |
|
2023-03-29 01:15:08 |
|
2023-03-28 12:04:04 |
|
2022-10-11 12:11:48 |
|
2022-10-11 01:03:45 |
|
2021-05-04 12:12:57 |
|
2021-04-22 01:13:28 |
|
2021-01-13 12:06:23 |
|
2021-01-13 01:06:27 |
|
2020-05-23 01:43:05 |
|
2020-05-23 00:26:57 |
|
2016-04-26 20:15:15 |
|
2014-02-17 10:58:43 |
|
2013-08-27 13:19:40 |
|
2013-08-22 13:18:56 |
|
2013-05-10 23:37:39 |
|