← back
CVE-2014-7146

CVE-2014-7146

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 51%
from disclosure to weapon0 days
Published on NVDNov 18
1st PoCNov 18
metasploitNov 8
exploitation probability
51%top 1% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.