Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1114

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1114
Last Modified 05 Sep 2008 04:29:49
Published 04 Oct 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1114

Summary

config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.

Vulnerable Systems

Application

  • Mantis 0.17.0

  • Mantis 0.17.1

  • Mantis 0.17.2

  • Mantis 0.17.3


References

XF - mantis-configinc-var-include(9900)

BID - 5509

DEBIAN - DSA-153

BUGTRAQ - 20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis


Last Updated: 27 May 2016 10:37:12