PT-2005-5201 · Mantis · Mantis

Tobias Klein

Publicado

2005-12-28

Atualizado

2011-03-08

CVE-2005-4519

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mantis versions 1.0.0rc3 and earlier

Description The issue concerns SQL injection vulnerabilities in the manage user page. Remote attackers can execute arbitrary SQL commands via the prefix and sort parameters to the "manage user page.php" page, or the sort parameter to "view all set.php".

Recommendations For Mantis versions 1.0.0rc3 and earlier, consider restricting access to the manage user page and view all set.php until a fix is available. As a temporary workaround, avoid using the prefix and sort parameters in the affected pages to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-4519

DSA-944-1

Produtos afetados

Mantis

PT-2005-5201 · Mantis · Mantis

CVE-2005-4519

Identificadores relacionados

Produtos afetados

Referências · 13