CVE-2010-4349

MantisBT < 1.2.4 - Information Disclosure via Invalid db_type Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4349. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) and path disclosure vulnerability in MantisBT <=1.2.3. The XSS is triggered via the 'db_type' parameter in the admin/upgrade_unattended.php script, while the path disclosure occurs when an invalid 'db_type' parameter is provided.

Description

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/15735

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) and path disclosure vulnerability in MantisBT <=1.2.3. The XSS is triggered via the 'db_type' parameter in the admin/upgrade_unattended.php script, while the path disclosure occurs when an invalid 'db_type' parameter is provided.

Classification

Working Poc 100%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MantisBT <=1.2.3

No auth needed

Prerequisites: Access to the admin/upgrade_unattended.php script

MITRE ATT&CK

T1059.007 - JavaScript T1114 - Email Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0002

Exploit, Patch x_refsource_misc

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php

Exploit, Patch mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2010/12/16/1

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201211-01.xml

Various Sources x_refsource_confirm

http://www.mantisbt.org/blog/?p=123

Various Sources x_refsource_confirm

http://www.mantisbt.org/bugs/view.php?id=12607

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/64463

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51199

Exploit, Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=663230

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html

Exploit, Patch mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2010/12/15/4

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42772

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html

Various Sources x_refsource_confirm

http://www.mantisbt.org/bugs/changelog_page.php?version_id=112

Scores

EPSS 0.0884

EPSS Percentile 94.5%

Details

CWE

CWE-200

Status published

Products (33)

mantisbt/mantisbt 0.18.0

mantisbt/mantisbt 0.19.0 (2 CPE variants)

mantisbt/mantisbt 0.19.0a1

mantisbt/mantisbt 0.19.0a2

mantisbt/mantisbt 0.19.1

mantisbt/mantisbt 0.19.2

mantisbt/mantisbt 0.19.3

mantisbt/mantisbt 0.19.4

mantisbt/mantisbt 0.19.5

mantisbt/mantisbt 1.0.0 (6 CPE variants)

... and 23 more

Published Jan 03, 2011

Tracked Since Feb 18, 2026