8 matches found
Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mantis manageprojpage PHP Code Execution', 'Description' = %q Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code...
Mantis manage_proj_page PHP Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mantis manageprojpage PHP Code Execution', 'Description' = %q Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code...
FreeBSD Ports: mantis
The remote host is missing an update to the system as announced in the referenced advisory. VID af2745c0-c3e0-11dd-a721-0030843d3802 OpenVAS Vulnerability Test $ Description: Auto generated from VID af2745c0-c3e0-11dd-a721-0030843d3802 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: mantis
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
GLSA-200812-07 : Mantis: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200812-07 Mantis: Multiple vulnerabilities Multiple issues have been reported in Mantis: EgiX reported that manageprojpage.php does not correctly sanitize the sort parameter before passing it to createfunction in core/utilityapi.p...
CVE-2008-4687
manageprojpage.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by createfunction within the multisort function in core/utilityapi.php...
CVE-2008-4687
CVE-2008-4687 is a post-authentication remote code execution vulnerability in MantisBT where the sort parameter of manage_proj_page.php is unsafely passed to PHP create_function() within core/utility_api.php. Affected software includes MantisBT versions up to 1.1.3; versions 1.1.4 and later are i...
CVE-2008-4687
creationtimestamp| type| source ---|---|--- 2008-10-16 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6768 2018-05-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44611 2018-05-29 15:50:33+00:00| seen|...