- Description
- If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
- nvd@nist.gov
- CWE-200
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mantisbt:mantisbt:2.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "146401B2-FDE4-4ACC-9CFA-E7BEE11D1FCF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2177DDD2-8830-4838-9945-0368DBDD1815"
},
{
"criteria": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CA450156-3EEF-4F22-8F28-2E0A55C81FF6"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]