Vulnerability Description
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mantis | Mantis | <= 1.0.0_rc4 |
References
- http://morph3us.org/advisories/20060214-mantis-100rc4.txtExploitPatchVendor Advisory
- http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&relPatch
- http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963Patch
- http://www.securityfocus.com/archive/1/425046/100/0/threaded
- http://www.securityfocus.com/bid/16657
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24726
- http://morph3us.org/advisories/20060214-mantis-100rc4.txtExploitPatchVendor Advisory
- http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&relPatch
- http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963Patch
- http://www.securityfocus.com/archive/1/425046/100/0/threaded
- http://www.securityfocus.com/bid/16657
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24726
FAQ
What is CVE-2006-0840?
CVE-2006-0840 is a vulnerability with a CVSS score of 5.0 (MEDIUM). manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeated...
How severe is CVE-2006-0840?
CVE-2006-0840 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0840?
Check the references section above for vendor advisories and patch information. Affected products include: Mantis Mantis.