Unrated severityNVD Advisory· Published Nov 18, 2014· Updated Jun 17, 2026
CVE-2014-8598
CVE-2014-8598
Description
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
7- www.mantisbt.org/bugs/view.phpnvdVendor Advisory
- github.com/mantisbt/mantisbt/commit/80a15487nvdVendor Advisory
- secunia.com/advisories/62101nvd
- www.debian.org/security/2015/dsa-3120nvd
- www.openwall.com/lists/oss-security/2014/11/07/28nvd
- www.securityfocus.com/bid/70996nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/98573nvd
News mentions
0No linked articles in our index yet.