CVE-2018-6382 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-6382 Interim 1 2 2025-08-14T02:41:01Z current 2024-03-22T01:18:14Z 2025-08-14T02:41:01Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-6382 MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1, and the issue does not have an authentication bypass CVE-2018-6382 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N