mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-06 07:11:37 +00:00
749 B
749 B
CVE-2014-7146
Description
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
POC
Reference
Github
No PoCs found on GitHub currently.