Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2002-1110
Last Modified: 05 Sep 2008 04:29:48
Published: 04 Oct 2002 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-1110

Summary

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.

Vulnerable Systems

Application

  • Mantis 0.15.10

  • Mantis 0.15.11

  • Mantis 0.15.12

  • Mantis 0.15.3

  • Mantis 0.15.4

  • Mantis 0.15.5

  • Mantis 0.15.6

  • Mantis 0.15.7

  • Mantis 0.15.8

  • Mantis 0.15.9

  • Mantis 0.16.0

  • Mantis 0.16.1

  • Mantis 0.17.0

  • Mantis 0.17.1

  • Mantis 0.17.2


References

BID - 5510

DEBIAN - DSA-153

XF - mantis-user-sql-injection(9897)

CONFIRM - http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt

BUGTRAQ - 20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis


Last Updated: 27 May 2016 10:37:12