Lucene search
HistoryOct 04, 2002 - 4:00 a.m.
CVE-2002-1110
sql injection
mantis
security vulnerability
remote attackers
nvd
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.5%
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
Affected configurations
Node
mantismantisMatch0.15.3
ORmantismantisMatch0.15.4
ORmantismantisMatch0.15.5
ORmantismantisMatch0.15.6
ORmantismantisMatch0.15.7
ORmantismantisMatch0.15.8
ORmantismantisMatch0.15.9
ORmantismantisMatch0.15.10
ORmantismantisMatch0.15.11
ORmantismantisMatch0.15.12
ORmantismantisMatch0.16.0
ORmantismantisMatch0.16.1
ORmantismantisMatch0.17.0
ORmantismantisMatch0.17.1
ORmantismantisMatch0.17.2
Related
cvelist
cvelist
CVE-2002-1110
2002-09-10 04:00:00
nvd
nvd
CVE-2002-1110
2002-10-04 04:00:00
osv
osv
mantis - cross site code execution and privilege escalation
2002-08-14 00:00:00
openvas
openvas
Debian Security Advisory DSA 153-1 (mantis)
2008-01-17 00:00:00
Debian Security Advisory DSA 153-1 (mantis)
2008-01-17 00:00:00
nessus
nessus
Mantis < 0.17.5 Multiple Vulnerabilities
2003-05-27 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.5%
Related for CVE-2002-1110