Unrated severityNVD Advisory· Published Mar 18, 2014· Updated May 6, 2026
CVE-2014-1608
CVE-2014-1608
Description
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*range: <=1.2.15
- cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.9:*:*:*:*:*:*:*
- (no CPE)range: <1.2.16
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Synthesis attempt was rejected by the grounding validator. Re-run pending.
References
8- github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102nvdExploitPatch
- www.ocert.org/advisories/ocert-2014-001.htmlnvdUS Government Resource
- osvdb.org/103118nvd
- secunia.com/advisories/61432nvd
- www.debian.org/security/2014/dsa-3030nvd
- www.mantisbt.org/bugs/view.phpnvd
- www.securityfocus.com/bid/65445nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.