Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4519

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4519
Last Modified 07 Mar 2011 09:28:25
Published 27 Dec 2005 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4519

Summary

Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.

Vulnerable Systems

Application

  • Mantis 0.10

  • Mantis 0.10.1

  • Mantis 0.10.2

  • Mantis 0.11

  • Mantis 0.11.1

  • Mantis 0.12

  • Mantis 0.13

  • Mantis 0.13.1

  • Mantis 0.14

  • Mantis 0.14.1

  • Mantis 0.14.2

  • Mantis 0.14.3

  • Mantis 0.14.4

  • Mantis 0.14.5

  • Mantis 0.14.6

  • Mantis 0.14.7

  • Mantis 0.14.8

  • Mantis 0.15

  • Mantis 0.15.1

  • Mantis 0.15.10

  • Mantis 0.15.11

  • Mantis 0.15.12

  • Mantis 0.15.2

  • Mantis 0.15.3

  • Mantis 0.15.4

  • Mantis 0.15.5

  • Mantis 0.15.6

  • Mantis 0.15.7

  • Mantis 0.15.8

  • Mantis 0.15.9

  • Mantis 0.16

  • Mantis 0.16.0

  • Mantis 0.16.1

  • Mantis 0.17

  • Mantis 0.17.0

  • Mantis 0.17.1

  • Mantis 0.17.2

  • Mantis 0.17.3

  • Mantis 0.17.4

  • Mantis 0.17.4a

  • Mantis 0.17.5

  • Mantis 0.18

  • Mantis 0.18.0 Rc1

  • Mantis 0.18.0a2

  • Mantis 0.18.0a3

  • Mantis 0.18.0a4

  • Mantis 0.18.2

  • Mantis 0.18.3

  • Mantis 0.18a1

  • Mantis 0.19.0

  • Mantis 0.19.0 Rc1

  • Mantis 0.19.0a

  • Mantis 0.19.0a1

  • Mantis 0.19.0a2

  • Mantis 0.19.1

  • Mantis 0.19.2

  • Mantis 0.19.3

  • Mantis 0.9

  • Mantis 0.9.1

  • Mantis 1.0.0 Rc1

  • Mantis 1.0.0 Rc2

  • Mantis 1.0.0 Rc3

  • Mantis 1.0.0a1

  • Mantis 1.0.0a2

  • Mantis 1.0.0a3


References

BID - 16046

GENTOO - GLSA-200512-12

SECUNIA - 18181

VUPEN - ADV-2005-3064

MISC - http://www.trapkit.de/advisories/TKADV2005-11-002.txt

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963

SECUNIA - 18221

OSVDB - 22052

OSVDB - 22051

DEBIAN - DSA-944

SECUNIA - 18481


Last Updated: 27 May 2016 10:41:20