Secunia reports:
EgiX has discovered a vulnerability in Mantis, which can be
exploited by malicious users to compromise a vulnerable system.
Input passed to the “sort” parameter in manage_proj_page.php is not
properly sanitised before being used in a “create_function()” call.
This can be exploited to execute arbitrary PHP code.