Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3333
Last Modified 17 Mar 2009 01:45:35
Published 27 Jul 2008 07:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3333

Summary

Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).

Vulnerable Systems

Application

  • Mantis 0.10

  • Mantis 0.10.0

  • Mantis 0.10.1

  • Mantis 0.10.2

  • Mantis 0.11

  • Mantis 0.11.0

  • Mantis 0.11.1

  • Mantis 0.12

  • Mantis 0.12.0

  • Mantis 0.13

  • Mantis 0.13.0

  • Mantis 0.13.1

  • Mantis 0.14

  • Mantis 0.14.0

  • Mantis 0.14.1

  • Mantis 0.14.2

  • Mantis 0.14.3

  • Mantis 0.14.4

  • Mantis 0.14.5

  • Mantis 0.14.6

  • Mantis 0.14.7

  • Mantis 0.14.8

  • Mantis 0.15

  • Mantis 0.15.0

  • Mantis 0.15.1

  • Mantis 0.15.10

  • Mantis 0.15.11

  • Mantis 0.15.12

  • Mantis 0.15.2

  • Mantis 0.15.3

  • Mantis 0.15.4

  • Mantis 0.15.5

  • Mantis 0.15.6

  • Mantis 0.15.7

  • Mantis 0.15.8

  • Mantis 0.15.9

  • Mantis 0.16

  • Mantis 0.16.0

  • Mantis 0.16.1

  • Mantis 0.17

  • Mantis 0.17.0

  • Mantis 0.17.1

  • Mantis 0.17.2

  • Mantis 0.17.3

  • Mantis 0.17.4

  • Mantis 0.17.4a

  • Mantis 0.17.5

  • Mantis 0.18

  • Mantis 0.18.0

  • Mantis 0.18.0 Rc1

  • Mantis 0.18.0a1

  • Mantis 0.18.0a2

  • Mantis 0.18.0a3

  • Mantis 0.18.0a4

  • Mantis 0.18.1

  • Mantis 0.18.2

  • Mantis 0.18.3

  • Mantis 0.18a1

  • Mantis 0.19

  • Mantis 0.19.0

  • Mantis 0.19.0 Rc1

  • Mantis 0.19.0a

  • Mantis 0.19.0a1

  • Mantis 0.19.0a2

  • Mantis 0.19.1

  • Mantis 0.19.2

  • Mantis 0.19.3

  • Mantis 0.19.4

  • Mantis 0.9

  • Mantis 0.9.0

  • Mantis 0.9.1

  • Mantis 1.0

  • Mantis 1.0.0

  • Mantis 1.0.0 Rc1

  • Mantis 1.0.0 Rc2

  • Mantis 1.0.0 Rc3

  • Mantis 1.0.0 Rc4

  • Mantis 1.0.0 Rc5

  • Mantis 1.0.0a1

  • Mantis 1.0.0a2

  • Mantis 1.0.0a3

  • Mantis 1.0.0rc1

  • Mantis 1.0.0rc2

  • Mantis 1.0.0rc3

  • Mantis 1.0.0rc4

  • Mantis 1.0.1

  • Mantis 1.0.2

  • Mantis 1.0.3

  • Mantis 1.0.4

  • Mantis 1.0.5

  • Mantis 1.0.6

  • Mantis 1.1

  • Mantis 1.1.0

  • Mantis 1.1.0a1

  • Mantis 1.1.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=456044

XF - mantis-accountprefsupdate-file-include(43984)

BID - 30354

BID - 29297

CONFIRM - http://www.mantisbt.org/bugs/view.php?id=9154

CONFIRM - http://www.mantisbt.org/bugs/changelog_page.php

GENTOO - GLSA-200809-10

SECUNIA - 31972

SECUNIA - 30270


Last Updated: 27 May 2016 10:48:10