PT-2005-5201 · Mantis · Mantis

Tobias Klein

Published

2005-12-28

Updated

2011-03-08

CVE-2005-4519

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mantis versions 1.0.0rc3 and earlier

Description The issue concerns SQL injection vulnerabilities in the manage user page. Remote attackers can execute arbitrary SQL commands via the prefix and sort parameters to the "manage user page.php" page, or the sort parameter to "view all set.php".

Recommendations For Mantis versions 1.0.0rc3 and earlier, consider restricting access to the manage user page and view all set.php until a fix is available. As a temporary workaround, avoid using the prefix and sort parameters in the affected pages to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4519

DSA-944-1

Affected Products

Mantis

PT-2005-5201 · Mantis · Mantis

CVE-2005-4519

Related Identifiers

Affected Products

References · 13