mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-29 20:30:57 +02:00
760 B
760 B
CVE-2014-7146
Description
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
POC
Reference
Github
No PoCs found on GitHub currently.