CVE-2002-1110 : Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.

Published 2002-10-04 04:00:00

Updated 2016-10-18 02:23:40

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Exploit prediction scoring system (EPSS) score for CVE-2002-1110

Probability of exploitation activity in the next 30 days: 0.28%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-1110

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2002-1110

http://marc.info/?l=bugtraq&m=102978728718851&w=2
http://www.securityfocus.com/bid/5510

Patch;Vendor Advisory
http://www.iss.net/security_center/static/9897.php
http://www.debian.org/security/2002/dsa-153

Patch;Vendor Advisory

CVEs referencing this url
http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt

Products affected by CVE-2002-1110

Mantis » Mantis » Version: 0.15.10
cpe:2.3:a:mantis:mantis:0.15.10:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.7
cpe:2.3:a:mantis:mantis:0.15.7:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.8
cpe:2.3:a:mantis:mantis:0.15.8:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.5
cpe:2.3:a:mantis:mantis:0.15.5:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.6
cpe:2.3:a:mantis:mantis:0.15.6:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.17.1
cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.17.2
cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.3
cpe:2.3:a:mantis:mantis:0.15.3:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.4
cpe:2.3:a:mantis:mantis:0.15.4:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.16.1
cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.17.0
cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.11
cpe:2.3:a:mantis:mantis:0.15.11:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.12
cpe:2.3:a:mantis:mantis:0.15.12:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.15.9
cpe:2.3:a:mantis:mantis:0.15.9:*:*:*:*:*:*:*
Matching versions
Mantis » Mantis » Version: 0.16.0
cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-1110

Exploit prediction scoring system (EPSS) score for CVE-2002-1110

CVSS scores for CVE-2002-1110

References for CVE-2002-1110

Products affected by CVE-2002-1110