Vulnerabilities > Mantis > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-22 | CVE-2008-4687 | Code Injection vulnerability in Mantis manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php. | 9.0 |
| 2006-12-14 | CVE-2006-6515 | Remote Security vulnerability in Mantis Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. | 10.0 |
| 2006-02-13 | CVE-2006-0665 | Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. | 10.0 |
| 2002-10-04 | CVE-2002-1110 | SQL Injection vulnerability in Mantis Account Update Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. | 10.0 |