Main Vulnerability Database Exploits ID:5671 - Exploit for OS Command Injection in MantisBT - CVE-2019-15715

ID:5671 - Exploit for OS Command Injection in MantisBT - CVE-2019-15715

Published: June 17, 2021

Vulnerability identifier: #VU30729

Vulnerability risk: Medium

CVE-ID: CVE-2019-15715

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
MantisBT

Link to public exploit:

The vulnerability allows a remote privileged user to execute arbitrary code.

MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.

Install update from vendor's website.