CVE-2014-2238

MantisBT 1.2.13-1.2.16 - Authenticated SQL Injection via filter_config_id Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2238. PoCs published by Jakub Galczyk, including Metasploit module auxiliary/gather/mantisbt_admin_sqli.

AI-analyzed exploit summary: This Metasploit module exploits a SQL injection vulnerability in MantisBT versions 1.2.13 through 1.2.16, allowing an authenticated admin to read arbitrary files via a crafted POST request to the adm_config_report.php endpoint.

Description

SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.

Exploits (1)

Metasploit module (working PoC), by Jakub Galczyk, Ruby PoC
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/mantisbt_admin_sqli.rb

Classification
Working PoC: 100%
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: MantisBT 1.2.13 to 1.2.16
Authentication: required
Prerequisites: Admin credentials for MantisBT; network access to the target
Analyzed by devstral-2 on Feb 16, 2026

References (6)

Mailing list: http://seclists.org/oss-sec/2014/q1/456
Patch (mailing list): http://seclists.org/oss-sec/2014/q1/490
Exploit (VDB entry): http://www.securityfocus.com/bid/65903
Vendor advisory: http://mantisbt.domainunion.de/bugs/view.php?id=17055
Vendor advisory: http://www.mantisbt.org/blog/?p=288
Third-party advisory, VDB entry: https://exchange.xforce.ibmcloud.com/vulnerabilities/91563

Scores

EPSS: 0.1131
EPSS percentile: 95.4%

Details

CWE: CWE-89
Status: published
Products (4):
mantisbt/mantisbt 1.2.13
mantisbt/mantisbt 1.2.14
mantisbt/mantisbt 1.2.15
mantisbt/mantisbt 1.2.16
Published: Mar 05, 2014
Tracked since: Feb 18, 2026