Vulnerability Description
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mantis | Mantis | 0.15.3 |
References
- http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt
- http://marc.info/?l=bugtraq&m=102978728718851&w=2
- http://www.debian.org/security/2002/dsa-153 (Patch, Vendor Advisory)
- http://www.iss.net/security_center/static/9897.php
- http://www.securityfocus.com/bid/5510 (Patch, Vendor Advisory)
FAQ
What is CVE-2002-1110?
CVE-2002-1110 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operatio...
How severe is CVE-2002-1110?
CVE-2002-1110 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-1110?
Check the references section above for vendor advisories and patch information. Affected products include: Mantis Mantis.