CVE-2014-7146

Priority
Description
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote
attackers to execute arbitrary PHP code via a crafted (1) description field
or (2) issuelink attribute in an XML file, which is not properly handled
when executing the preg_replace function with the e modifier.
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
More Information

Updated: 2020-09-10 03:11:36 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)