Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-4687

manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.

  • Published: Oct 22, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-4687
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9
  • AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

Software From Fixed in
mantis / mantis 1.0.6 1.0.6.x
mantis / mantis 1.0.2 1.0.2.x
mantis / mantis 1.0.4 1.0.4.x
mantis / mantis 1.0.8 1.0.8.x
mantis / mantis 0.19.3 0.19.3.x
mantis / mantis 1.0.7 1.0.7.x
mantis / mantis - 1.1.3.x
mantis / mantis 1.1.2 1.1.2.x
mantis / mantis 1.0.1 1.0.1.x
mantis / mantis 1.0.3 1.0.3.x
mantis / mantis 1.0.5 1.0.5.x
mantis / mantis 1.1.1 1.1.1.x
mantis / mantis 0.19.4 0.19.4.x