Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-0840
Last Modified: 05 Sep 2008 05:00:21
Published: 21 Feb 2006 09:02:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-0840

Summary

manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.

Vulnerable Systems

Application

  • Mantis 0.10

  • Mantis 0.10.0

  • Mantis 0.10.1

  • Mantis 0.10.2

  • Mantis 0.11

  • Mantis 0.11.0

  • Mantis 0.11.1

  • Mantis 0.12

  • Mantis 0.12.0

  • Mantis 0.13

  • Mantis 0.13.0

  • Mantis 0.13.1

  • Mantis 0.14

  • Mantis 0.14.0

  • Mantis 0.14.1

  • Mantis 0.14.2

  • Mantis 0.14.3

  • Mantis 0.14.4

  • Mantis 0.14.5

  • Mantis 0.14.6

  • Mantis 0.14.7

  • Mantis 0.14.8

  • Mantis 0.15

  • Mantis 0.15.0

  • Mantis 0.15.1

  • Mantis 0.15.2

  • Mantis 0.16

  • Mantis 0.16.0

  • Mantis 0.17

  • Mantis 0.17.0

  • Mantis 0.17.4a

  • Mantis 0.18

  • Mantis 0.18.0

  • Mantis 0.18.0 Rc1

  • Mantis 0.18.0a1

  • Mantis 0.18.0a2

  • Mantis 0.18.0a3

  • Mantis 0.18.0a4

  • Mantis 0.18.1

  • Mantis 0.18.2

  • Mantis 0.18.3

  • Mantis 0.18a1

  • Mantis 0.19.0

  • Mantis 0.19.0 Rc1

  • Mantis 0.19.0a

  • Mantis 0.19.0a1

  • Mantis 0.19.0a2

  • Mantis 0.19.1

  • Mantis 0.19.2

  • Mantis 0.19.3

  • Mantis 0.19.4

  • Mantis 0.9

  • Mantis 0.9.0

  • Mantis 0.9.1

  • Mantis 1.0.0 Rc1

  • Mantis 1.0.0 Rc2

  • Mantis 1.0.0 Rc3

  • Mantis 1.0.0 Rc4

  • Mantis 1.0.0a1

  • Mantis 1.0.0a2

  • Mantis 1.0.0a3


References

BUGTRAQ - 20060215 [BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4

MISC - http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963

MISC - http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059

MISC - http://morph3us.org/advisories/20060214-mantis-100rc4.txt

XF - mantis-manageuserpagesql-injection(24726)

BID - 16657


Last Updated: 27 May 2016 10:41:49