Home > Vulnerability Database > CVE-2020-28413

Mend.io Vulnerability Database

CVE-2020-28413

Date: December 30, 2020

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP. After conducting further research, Mend has determined that all versions of MantisBT up to version 2.24.4 are vulnerable to CVE-2020-28413.

Language: PHP

Severity Score

5.3

Related Resources (6)

Url: http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html

Url: https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-28413

Url: https://github.com/mantisbt/mantisbt

Url: https://github.com/mantisbt/mantisbt/commit/3e37b4041bf76422541836a424ca71bc4a660247

Url: https://www.mend.io/vulnerability-database/CVE-2020-28413

Severity Score

5.3

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-28413

Date: December 30, 2020

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?