← back
CVE-2014-8598

CVE-2014-8598

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 38%
from disclosure to weapon0 days
Published on NVDNov 18
1st PoCNov 18
metasploitNov 8
exploitation probability
38%top 2% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.