Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Max CVSS
7.5
EPSS Score
0.92%
Published
2008-10-22
Updated
2017-08-08
CVE-2008-4687
Public exploit
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Max CVSS
9.0
EPSS Score
96.32%
Published
2008-10-22
Updated
2018-05-13
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
Max CVSS
7.5
EPSS Score
0.97%
Published
2008-07-27
Updated
2017-08-08
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
Max CVSS
10.0
EPSS Score
0.18%
Published
2006-12-14
Updated
2008-09-05
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
Max CVSS
10.0
EPSS Score
0.29%
Published
2006-02-13
Updated
2011-03-08
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
Max CVSS
7.5
EPSS Score
1.54%
Published
2005-12-28
Updated
2011-03-08
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
Max CVSS
7.5
EPSS Score
0.74%
Published
2005-08-24
Updated
2016-10-18
7 vulnerabilities found