CVE-2020-28413

MEDIUM

MantisBT < 2.24.4 - SQL Injection via API SOAP mc_project_get_users Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-28413. PoCs published by EthicalHCOP.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Mantis Bug Tracker 2.24.3 via the 'access' parameter in the SOAP API. It extracts user credentials by brute-forcing password hashes through time-based SQLi techniques.

Description

In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.

Exploits (2)

exploitdb WORKING POC

by EthicalHCOP · pythonwebappsphp

https://www.exploit-db.com/exploits/49340

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Mantis Bug Tracker 2.24.3 via the 'access' parameter in the SOAP API. It extracts user credentials by brute-forcing password hashes through time-based SQLi techniques.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Mantis Bug Tracker 2.24.3

Auth required

Prerequisites: Valid credentials for initial authentication · Access to the SOAP API endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by EthicalHCOP · poc

https://github.com/EthicalHCOP/CVE-2020-28413_Mantis2.24.3-SQLi-SOAP

View Code ZIP pw:eip

This is a functional SQL injection exploit for CVE-2020-28413 targeting MantisBT 2.24.3 via SOAP API. It extracts user credentials by brute-forcing password hashes through time-based SQLi.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: MantisBT 2.24.3

No auth needed

Prerequisites: SOAP API endpoint accessibility · MantisBT 2.24.3 installation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Mar 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://ethicalhcop.medium.com/cve-2020-28413-blind-sql-injection-en-mantis-bug-tracker-2-24-3-api-soap-54238f8e046d

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/160750/Mantis-Bug-Tracker-2.24.3-SQL-Injection.html

Scores

CVSS v3 5.3

EPSS 0.0174

EPSS Percentile 83.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-89

Status published

Products (2)

mantisbt/mantisbt 2.24.3

mantisbt/mantisbt 0 - 2.24.4Packagist

Published Dec 30, 2020

Tracked Since Feb 18, 2026