CVE-2014-9280

Published December 8th, 2014

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.

mantisbt/mantisbt

Mantis Bug Tracker (MantisBT)

GitHub

1.78K