Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
Max CVSS
7.5
EPSS Score
0.92%
Published
2008-10-22
Updated
2017-08-08
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
Max CVSS
5.0
EPSS Score
0.49%
Published
2008-10-22
Updated
2009-02-10
CVE-2008-4687
Public exploit
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Max CVSS
9.0
EPSS Score
96.32%
Published
2008-10-22
Updated
2018-05-13
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
Max CVSS
7.5
EPSS Score
0.97%
Published
2008-07-27
Updated
2017-08-08
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
Max CVSS
6.5
EPSS Score
1.48%
Published
2008-07-27
Updated
2017-09-29
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
Max CVSS
5.0
EPSS Score
0.79%
Published
2006-12-15
Updated
2017-07-29
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
Max CVSS
10.0
EPSS Score
0.18%
Published
2006-12-14
Updated
2008-09-05
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
Max CVSS
6.8
EPSS Score
2.54%
Published
2006-04-02
Updated
2017-07-20
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
Max CVSS
5.0
EPSS Score
4.48%
Published
2006-02-22
Updated
2018-10-18
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
Max CVSS
10.0
EPSS Score
0.29%
Published
2006-02-13
Updated
2011-03-08
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
Max CVSS
5.0
EPSS Score
0.62%
Published
2005-12-28
Updated
2011-03-08
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
Max CVSS
5.0
EPSS Score
0.75%
Published
2005-12-28
Updated
2011-03-08
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
Max CVSS
7.5
EPSS Score
1.54%
Published
2005-12-28
Updated
2011-03-08
13 vulnerabilities found