Low severity3.3OSV Advisory· Published Jan 30, 2018· Updated Jun 17, 2026
CVE-2018-6382
CVE-2018-6382
Description
MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- archive.is/https:/mantisbt.org/bugs/view.phpnvdVendor Advisory
- mantisbt.org/bugs/view.phpnvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.