Question 1

What is CVE-2014-7146?

Accepted Answer

CVE-2014-7146 is a high-severity software vulnerability (Improper input validation) with a CVSS score of 7.5. The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the

Question 2

Is CVE-2014-7146 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 52%.

Question 3

What products does CVE-2014-7146 affect?

Accepted Answer

Tracked products affected include MantisBT. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2014-7146?

Accepted Answer

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2014-7146

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information