Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.
Software | From | Fixed in |
---|---|---|
mantis / mantis | - | 0.19.3.x |
mantis / mantis | - | 1.0.0_rc3.x |
mantis / mantis | 0.10 | 0.10.x |
mantis / mantis | 0.10.1 | 0.10.1.x |
mantis / mantis | 0.10.2 | 0.10.2.x |
mantis / mantis | 0.11 | 0.11.x |
mantis / mantis | 0.11.1 | 0.11.1.x |
mantis / mantis | 0.12 | 0.12.x |
mantis / mantis | 0.13 | 0.13.x |
mantis / mantis | 0.13.1 | 0.13.1.x |
mantis / mantis | 0.14 | 0.14.x |
mantis / mantis | 0.14.1 | 0.14.1.x |
mantis / mantis | 0.14.2 | 0.14.2.x |
mantis / mantis | 0.14.3 | 0.14.3.x |
mantis / mantis | 0.14.4 | 0.14.4.x |
mantis / mantis | 0.14.5 | 0.14.5.x |
mantis / mantis | 0.14.6 | 0.14.6.x |
mantis / mantis | 0.14.7 | 0.14.7.x |
mantis / mantis | 0.14.8 | 0.14.8.x |
mantis / mantis | 0.15 | 0.15.x |
mantis / mantis | 0.15.1 | 0.15.1.x |
mantis / mantis | 0.15.10 | 0.15.10.x |
mantis / mantis | 0.15.11 | 0.15.11.x |
mantis / mantis | 0.15.12 | 0.15.12.x |
mantis / mantis | 0.15.2 | 0.15.2.x |
mantis / mantis | 0.15.3 | 0.15.3.x |
mantis / mantis | 0.15.4 | 0.15.4.x |
mantis / mantis | 0.15.5 | 0.15.5.x |
mantis / mantis | 0.15.6 | 0.15.6.x |
mantis / mantis | 0.15.7 | 0.15.7.x |
mantis / mantis | 0.15.8 | 0.15.8.x |
mantis / mantis | 0.15.9 | 0.15.9.x |
mantis / mantis | 0.16 | 0.16.x |
mantis / mantis | 0.16.0 | 0.16.0.x |
mantis / mantis | 0.16.1 | 0.16.1.x |
mantis / mantis | 0.17 | 0.17.x |
mantis / mantis | 0.17.0 | 0.17.0.x |
mantis / mantis | 0.17.1 | 0.17.1.x |
mantis / mantis | 0.17.2 | 0.17.2.x |
mantis / mantis | 0.17.3 | 0.17.3.x |
mantis / mantis | 0.17.4 | 0.17.4.x |
mantis / mantis | 0.17.4a | 0.17.4a.x |
mantis / mantis | 0.17.5 | 0.17.5.x |
mantis / mantis | 0.18 | 0.18.x |
mantis / mantis | 0.18.0_rc1 | 0.18.0_rc1.x |
mantis / mantis | 0.18.0a2 | 0.18.0a2.x |
mantis / mantis | 0.18.0a3 | 0.18.0a3.x |
mantis / mantis | 0.18.0a4 | 0.18.0a4.x |
mantis / mantis | 0.18.2 | 0.18.2.x |
mantis / mantis | 0.18.3 | 0.18.3.x |
mantis / mantis | 0.18a1 | 0.18a1.x |
mantis / mantis | 0.19.0 | 0.19.0.x |
mantis / mantis | 0.19.0_rc1 | 0.19.0_rc1.x |
mantis / mantis | 0.19.0a | 0.19.0a.x |
mantis / mantis | 0.19.0a1 | 0.19.0a1.x |
mantis / mantis | 0.19.0a2 | 0.19.0a2.x |
mantis / mantis | 0.19.1 | 0.19.1.x |
mantis / mantis | 0.19.2 | 0.19.2.x |
mantis / mantis | 0.9 | 0.9.x |
mantis / mantis | 0.9.1 | 0.9.1.x |
mantis / mantis | 1.0.0_rc1 | 1.0.0_rc1.x |
mantis / mantis | 1.0.0_rc2 | 1.0.0_rc2.x |
mantis / mantis | 1.0.0a1 | 1.0.0a1.x |
mantis / mantis | 1.0.0a2 | 1.0.0a2.x |
mantis / mantis | 1.0.0a3 | 1.0.0a3.x |