CVE-2018-6382

LOW Year: 2018
CVSS v3 Score
3.3
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-89
View all →

Vulnerability Description

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass

Related Vulnerabilities

CVE-2022-20280

LOW
CVSS:3.3(Low)

In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges...

CWE-892022

CVE-2025-22211

LOW
CVSS:3.4(Low)

A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management a...

CWE-892025

CVE-2024-50823

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

CWE-892024

CVE-2024-50824

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.

CWE-892024

CVE-2024-50825

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.

CWE-892024

CVE-2024-50826

LOW
CVSS:3.5(Low)

A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.

CWE-892024