Lucene search
HistoryOct 04, 2002 - 4:00 a.m.
CVE-2002-1110
sql injection
mantis
security vulnerability
remote attackers
nvd
7.9 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
68.4%
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
Affected configurations
Node
mantismantisMatch0.15.3
ORmantismantisMatch0.15.4
ORmantismantisMatch0.15.5
ORmantismantisMatch0.15.6
ORmantismantisMatch0.15.7
ORmantismantisMatch0.15.8
ORmantismantisMatch0.15.9
ORmantismantisMatch0.15.10
ORmantismantisMatch0.15.11
ORmantismantisMatch0.15.12
ORmantismantisMatch0.16.0
ORmantismantisMatch0.16.1
ORmantismantisMatch0.17.0
ORmantismantisMatch0.17.1
ORmantismantisMatch0.17.2
Related
nvd
nvd
CVE-2002-1110
2002-10-04 04:00:00
cvelist
cvelist
CVE-2002-1110
2002-09-10 04:00:00
openvas
openvas
Debian Security Advisory DSA 153-1 (mantis)
2008-01-17 00:00:00
Debian Security Advisory DSA 153-1 (mantis)
2008-01-17 00:00:00
nessus
nessus
Mantis < 0.17.5 Multiple Vulnerabilities
2003-05-27 00:00:00
osv
osv
mantis - cross site code execution and privilege escalation
2002-08-14 00:00:00
7.9 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
68.4%
Related for CVE-2002-1110