CVE-2019-15715
HIGH7.2EPSS 21.3%MantisBT Remote Code Execution
Published: 5/24/2022Modified: 5/29/2025
Description
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
Affected packages (1)
- Packagist/mantisbt/mantisbtfrom 0, < 1.3.20
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-15715
- PATCHhttps://github.com/mantisbt/mantisbt
- WEBhttp://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html
- WEBhttps://github.com/mantisbt/mantisbt/commit/5fb979604d88c630343b3eaf2b435cd41918c501
- WEBhttps://github.com/mantisbt/mantisbt/commit/7092573fac31eff41823f13540324db167c8bd52
- WEBhttps://github.com/mantisbt/mantisbt/commit/cebfb9acb3686e8904d80bd4bc80720b54ba08e5
- WEBhttps://github.com/mantisbt/mantisbt/commit/fc7668c8e45db55fc3a4b991ea99d2b80861a14c
- WEBhttps://mantisbt.org/bugs/changelog_page.php?project=mantisbt
- WEBhttps://mantisbt.org/bugs/view.php?id=26091
- WEBhttps://mantisbt.org/bugs/view.php?id=26162