Unrated severityNVD Advisory· Published Mar 5, 2014· Updated Jun 17, 2026
CVE-2014-2238
CVE-2014-2238
Description
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:mantisbt:mantisbt:1.2.16:*:*:*:*:*:*:*
- (no CPE)range: 1.2.13 - 1.2.16
Patches
Vulnerability mechanics
References
6- seclists.org/oss-sec/2014/q1/490nvdPatch
- www.securityfocus.com/bid/65903nvdExploit
- mantisbt.domainunion.de/bugs/view.phpnvdVendor Advisory
- www.mantisbt.org/blog/nvdVendor Advisory
- seclists.org/oss-sec/2014/q1/456nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/91563nvd
News mentions
0No linked articles in our index yet.