CVE-2002-1110

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.

Published: Oct 4, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1110
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mantis / mantis	0.15.12	0.15.12.x
mantis / mantis	0.15.3	0.15.3.x
mantis / mantis	0.15.9	0.15.9.x
mantis / mantis	0.17.0	0.17.0.x
mantis / mantis	0.15.10	0.15.10.x
mantis / mantis	0.16.1	0.16.1.x
mantis / mantis	0.15.4	0.15.4.x
mantis / mantis	0.15.11	0.15.11.x
mantis / mantis	0.17.2	0.17.2.x
mantis / mantis	0.15.7	0.15.7.x
mantis / mantis	0.17.1	0.17.1.x
mantis / mantis	0.15.5	0.15.5.x
mantis / mantis	0.16.0	0.16.0.x
mantis / mantis	0.15.8	0.15.8.x
mantis / mantis	0.15.6	0.15.6.x

http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt
http://marc.info/?l=bugtraq&m=102978728718851&w=2
http://www.debian.org/security/2002/dsa-153
http://www.iss.net/security_center/static/9897.php
http://www.securityfocus.com/bid/5510

Vulnerability Database

289,697

CVE-2002-1110