CVE-2010-4350

N/A Unknown

Published: January 03, 2011 Modified: April 29, 2026

Description

Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2010/12/15/5

Source: secalert@redhat.com

Exploit Patch

http://openwall.com/lists/oss-security/2010/12/16/2

Source: secalert@redhat.com

Exploit Patch

http://secunia.com/advisories/42772

Source: secalert@redhat.com

http://secunia.com/advisories/51199

Source: secalert@redhat.com

http://security.gentoo.org/glsa/glsa-201211-01.xml

Source: secalert@redhat.com

http://www.mantisbt.org/blog/?p=123

Source: secalert@redhat.com

http://www.mantisbt.org/bugs/changelog_page.php?version_id=112

Source: secalert@redhat.com

Exploit Patch

http://www.mantisbt.org/bugs/view.php?id=12607

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0002

Source: secalert@redhat.com

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php

Source: secalert@redhat.com

Exploit Patch

https://bugzilla.redhat.com/show_bug.cgi?id=663230

Source: secalert@redhat.com

Exploit Patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2010/12/15/5

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

http://openwall.com/lists/oss-security/2010/12/16/2

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

http://secunia.com/advisories/42772

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51199

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201211-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mantisbt.org/blog/?p=123

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mantisbt.org/bugs/changelog_page.php?version_id=112

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

http://www.mantisbt.org/bugs/view.php?id=12607

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0002

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

https://bugzilla.redhat.com/show_bug.cgi?id=663230

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

26 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

7.9%

94th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

mantisbt

Related CVEs

CVE-2026-57700 10.0

CVE-2026-56790 7.3

CVE-2026-56789 6.5

CVE-2026-56788 4.4

CVE-2026-56787 6.5