Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1113

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1113
Last Modified 05 Sep 2008 04:29:49
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1113

Summary

summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.

Vulnerable Systems

Application

  • Mantis 0.15.10

  • Mantis 0.15.11

  • Mantis 0.15.12

  • Mantis 0.15.3

  • Mantis 0.15.4

  • Mantis 0.15.5

  • Mantis 0.15.6

  • Mantis 0.15.7

  • Mantis 0.15.8

  • Mantis 0.15.9

  • Mantis 0.16.0

  • Mantis 0.16.1

  • Mantis 0.17.0

  • Mantis 0.17.1

  • Mantis 0.17.2

  • Mantis 0.17.3


References

BID - 5504

DEBIAN - DSA-153

XF - mantis-include-remote-files(9829)

OSVDB - 4858

BUGTRAQ - 20020819 [Mantis Advisory/2002-04] Arbitrary code execution

BUGTRAQ - 20020813 mantisbt security flaw


Last Updated: 27 May 2016 10:37:12