Vulnerabilities > Mantis > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2008-10-22 | CVE-2008-4687 | Code Injection vulnerability in Mantis | manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php. | network; low complexity; mantis CWE-94; critical; 9.0 |
| 2006-12-14 | CVE-2006-6515 | Remote Security vulnerability in Mantis | Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. | network; low complexity; mantis; critical; 10.0 |
| 2006-02-13 | CVE-2006-0665 | Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP | Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. | network; low complexity; mantis; critical; 10.0 |
| 2002-10-04 | CVE-2002-1110 | SQL Injection vulnerability in Mantis Account Update | Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. | network; low complexity; mantis; critical; 10.0 |