Vulnerability Details CVE-2002-1110
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt
- http://marc.info/?l=bugtraq&m=102978728718851&w=2
- http://www.debian.org/security/2002/dsa-153
- http://www.iss.net/security_center/static/9897.php
- http://www.securityfocus.com/bid/5510
- http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt
- http://marc.info/?l=bugtraq&m=102978728718851&w=2
- http://www.debian.org/security/2002/dsa-153
- http://www.iss.net/security_center/static/9897.php
- http://www.securityfocus.com/bid/5510
Products affected by CVE-2002-1110
-
cpe:2.3:a:mantis:mantis:0.15.10
-
cpe:2.3:a:mantis:mantis:0.15.11
-
cpe:2.3:a:mantis:mantis:0.15.12
-
cpe:2.3:a:mantis:mantis:0.15.3
-
cpe:2.3:a:mantis:mantis:0.15.4
-
cpe:2.3:a:mantis:mantis:0.15.5
-
cpe:2.3:a:mantis:mantis:0.15.6
-
cpe:2.3:a:mantis:mantis:0.15.7
-
cpe:2.3:a:mantis:mantis:0.15.8
-
cpe:2.3:a:mantis:mantis:0.15.9
-
cpe:2.3:a:mantis:mantis:0.16.0
-
cpe:2.3:a:mantis:mantis:0.16.1
-
cpe:2.3:a:mantis:mantis:0.17.0
-
cpe:2.3:a:mantis:mantis:0.17.1
-
cpe:2.3:a:mantis:mantis:0.17.2