CVE-2014-7146

This Metasploit module exploits a post-authentication PHP code injection vulnerability in MantisBT's XmlImportExport plugin via the `preg_replace` function with the `/e` modifier. It allows authenticated attackers to execute arbitrary PHP code by uploading a maliciously crafted XML file.

This Metasploit module exploits a post-authentication PHP code injection vulnerability in MantisBT's XmlImportExport plugin (CVE-2014-7146). It leverages the /e modifier in preg_replace() to execute arbitrary PHP code via crafted XML input, bypassing user level checks to allow exploitation even by anonymous users.

This Metasploit module exploits a PHP code injection vulnerability in MantisBT's XmlImportExport plugin (CVE-2014-7146, CVE-2014-8598) by leveraging the /e modifier in preg_replace() to execute arbitrary PHP code via a crafted XML file. It supports authentication bypass via anonymous login if enabled.