Shodan
Vulnerabilities
Vulnerable Software
Mantis:  >> Mantis  >> 0.17.0  Security Vulnerabilities
CVE-2005-3091
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
CVSS Score
4.3
EPSS Score
0.004
Published
2005-09-28
CVE-2004-1730
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
CVSS Score
4.3
EPSS Score
0.006
Published
2004-12-31
CVE-2004-1731
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
CVSS Score
5.0
EPSS Score
0.043
Published
2004-08-20
CVE-2002-1110
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
CVSS Score
10.0
EPSS Score
0.005
Published
2002-10-04
CVE-2002-1111
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
CVSS Score
5.0
EPSS Score
0.005
Published
2002-10-04
CVE-2002-1112
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
CVSS Score
5.0
EPSS Score
0.008
Published
2002-10-04
CVE-2002-1113
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
CVSS Score
7.5
EPSS Score
0.123
Published
2002-10-04
CVE-2002-1114
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
CVSS Score
7.5
EPSS Score
0.021
Published
2002-10-04
CVE-2002-1115
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
CVSS Score
5.0
EPSS Score
0.007
Published
2002-10-04
CVE-2002-1116
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
CVSS Score
7.5
EPSS Score
0.005
Published
2002-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved