Unrated severityNVD Advisory· Published Jan 26, 2015· Updated May 6, 2026

CVE-2014-9572

Description

MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mantisbt.org/bugs/view.phpnvdVendor Advisory
seclists.org/oss-sec/2015/q1/158nvd
www.securitytracker.com/id/1031633nvd
exchange.xforce.ibmcloud.com/vulnerabilities/100211nvd
www.htbridge.com/advisory/HTB23243nvd
www.mantisbt.org/bugs/view.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000