CVE-2010-4348
Description
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MantisBT before 1.2.4 has an XSS vulnerability in admin/upgrade_unattended.php via the db_type parameter, caused by an unsafe call to a function in the ADOdb library.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the admin/upgrade_unattended.php script of MantisBT versions before 1.2.4. The vulnerability is introduced by an unsafe call made by MantisBT to a function in the ADOdb Library for PHP, where the db_type parameter is not properly sanitized, allowing injection of arbitrary web script or HTML [1][2]. The affected versions are MantisBT 1.2.3 and prior; the issue was fixed in MantisBT 1.2.4 [2][4].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the admin/upgrade_unattended.php script with malicious code embedded in the db_type parameter. No authentication is required to reach this script when the admin directory has not been removed after installation, as the project recommends [2]. The attack vector is remote; the only user interaction needed is for a victim to open a malicious URL supplied by the attacker [1][2].
Impact
Successful exploitation allows an attacker to inject arbitrary web script or HTML, leading to cross-site scripting (XSS). This can result in theft of sensitive information such as session cookies, defacement of the web application, or redirection to malicious sites. The scope of the compromise is within the context of the MantisBT instance, potentially affecting all users who view the crafted page [1][2][3].
Mitigation
The vulnerability is fixed in MantisBT version 1.2.4, released on 2010-12-14 [2][4]. System administrators are strongly advised to upgrade to this version or later. Additional measures include deleting the admin directory after installation to prevent unauthorized access to scripts like upgrade_unattended.php [2]. For users of MantisBT 1.1.x, a specific patch is available [4]. Red Hat issued updates for Fedora and EPEL [3]. This CVE is not listed in the Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
- Zero Science Lab — Macedonian Information Security Research & Development Laboratory
- 0012607: LFI/FD and XSS in the 'upgrade_unattended.php'
- 663230 – (CVE-2010-4348, CVE-2010-4349, CVE-2010-4350) CVE-2010-4348 CVE-2010-4349 CVE-2010-4350 MantisBT <1.2.4 multiple vulnerabilities (LFI, XSS and PD)
- security - Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- openwall.com/lists/oss-security/2010/12/15/4
- openwall.com/lists/oss-security/2010/12/16/1
- www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php
- bugzilla.redhat.com/show_bug.cgi
- lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
- lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
- secunia.com/advisories/42772
- secunia.com/advisories/51199
- security.gentoo.org/glsa/glsa-201211-01.xml
- www.mantisbt.org/blog/
- www.mantisbt.org/bugs/changelog_page.php
- www.mantisbt.org/bugs/view.php
- www.vupen.com/english/advisories/2011/0002
News mentions
No linked articles in our index yet.