CVE-2014-6387

MantisBT <1.2.17 - Auth Bypass

Title source: llm

Description

gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.

References (4)

Scores

EPSS 0.0032
EPSS Percentile 55.1%

Classification

CWE
CWE-287
Status draft

Affected Products (23)

mantisbt/mantisbt < 1.2.17
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
mantisbt/mantisbt
... and 8 more

Timeline

Published Oct 22, 2014
Tracked Since Feb 18, 2026