Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mantis mantis 1.1.2 vulnerabilities and exploits
(subscribe to this query)
911
VMScore
CVE-2008-4687
manage_proj_page.php in Mantis prior to 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Mantis Mantis 1.0.2
Mantis Mantis 1.0.1
Mantis Mantis 1.0.4
Mantis Mantis 1.0.3
Mantis Mantis 1.1.2
Mantis Mantis
Mantis Mantis 1.0.6
Mantis Mantis 1.0.5
Mantis Mantis 1.0.8
Mantis Mantis 1.1.1
Mantis Mantis 1.0.7
Mantis Mantis 0.19.4
Mantis Mantis 0.19.3
2 EDB exploits
2 Github repositories
445
VMScore
CVE-2008-4688
core/string_api.php in Mantis prior to 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote malicious users to discover an issue's title and status via a request with a modified issue number.
Mantis Mantis 1.0.7
Mantis Mantis 1.0.6
Mantis Mantis 0.19.3
Mantis Mantis 1.0.8
Mantis Mantis 1.0.1
Mantis Mantis 0.19.4
Mantis Mantis 1.0.3
Mantis Mantis 1.0.2
Mantis Mantis 1.1.2
Mantis Mantis 1.0.5
Mantis Mantis 1.0.4
Mantis Mantis 1.1.1
Mantis Mantis
655
VMScore
CVE-2008-3332
Eval injection vulnerability in adm_config_set.php in Mantis prior to 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
Mantis Mantis 0.11
Mantis Mantis 0.11.0
Mantis Mantis 0.14
Mantis Mantis 0.10
Mantis Mantis 0.10.0
Mantis Mantis 0.12.0
Mantis Mantis 0.13
Mantis Mantis 0.14.4
Mantis Mantis 0.14.5
Mantis Mantis 0.15.10
Mantis Mantis 0.15.11
Mantis Mantis 0.15.7
Mantis Mantis 0.15.8
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
Mantis Mantis 0.18.0a1
Mantis Mantis 0.18.0a2
Mantis Mantis 0.19
Mantis Mantis 0.19.0
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.4
Mantis Mantis 0.9
1 EDB exploit
355
VMScore
CVE-2008-3331
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the filter_target parameter.
Mantis Mantis 0.10.0
Mantis Mantis 0.10.1
Mantis Mantis 0.13.0
Mantis Mantis 0.13.1
Mantis Mantis 0.14.5
Mantis Mantis 0.14.6
Mantis Mantis 0.15.11
Mantis Mantis 0.15.12
Mantis Mantis 0.15.9
Mantis Mantis 0.11.0
Mantis Mantis 0.11.1
Mantis Mantis 0.14.1
Mantis Mantis 0.14.2
Mantis Mantis 0.15
Mantis Mantis 0.15.0
Mantis Mantis 0.15.4
Mantis Mantis 0.15.5
Mantis Mantis 0.15.6
Mantis Mantis 0.17
Mantis Mantis 0.17.0
Mantis Mantis 0.18
Mantis Mantis 0.18.0
1 EDB exploit
668
VMScore
CVE-2008-3333
Directory traversal vulnerability in core/lang_api.php in Mantis prior to 1.1.2 allows remote malicious users to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
Mantis Mantis 0.10
Mantis Mantis 0.10.0
Mantis Mantis 0.12.0
Mantis Mantis 0.13
Mantis Mantis 0.14.4
Mantis Mantis 0.14.5
Mantis Mantis 0.15.10
Mantis Mantis 0.15.11
Mantis Mantis 0.15.7
Mantis Mantis 0.15.8
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
Mantis Mantis 0.18.0a1
Mantis Mantis 0.18.0a2
Mantis Mantis 0.19
Mantis Mantis 0.19.0
Mantis Mantis 0.19.4
Mantis Mantis 0.9
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 1.0.0 Rc4
Mantis Mantis 1.0.0rc3
Mantis Mantis 1.0.0rc4
605
VMScore
CVE-2011-3357
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT prior to 1.2.8 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.0.7
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 0.19.4
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.0.4
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt
Mantisbt Mantisbt 1.1.1
383
VMScore
CVE-2011-3358
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT prior to 1.2.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to us...
Mantisbt Mantisbt 1.0.3
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.0.8
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.0.2
Mantisbt Mantisbt 1.0.1
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.0.6
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt
Mantisbt Mantisbt 0.19.3
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.0.5
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.0.0
Mantisbt Mantisbt 0.19.4
383
VMScore
CVE-2014-9272
The string_insert_href function in MantisBT 1.2.0a1 up to and including 1.2.x prior to 1.2.18 does not properly validate the URL protocol, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
231
VMScore
CVE-2014-9269
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 up to and including 1.2.x prior to 1.2.18, when Extended project browser is enabled, allows remote malicious users to inject arbitrary web script or HTML via the project cookie.
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.0a2
Mantisbt Mantisbt 1.2.1
Mantisbt Mantisbt 1.2.8
Mantisbt Mantisbt 1.2.9
Mantisbt Mantisbt 1.2.17
Mantisbt Mantisbt 1.1.6
Mantisbt Mantisbt 1.1.7
Mantisbt Mantisbt 1.2.0a1
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.2.14
383
VMScore
CVE-2014-9271
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT prior to 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.
Debian Debian Linux 7.0
Mantisbt Mantisbt 1.1.0
Mantisbt Mantisbt 1.1.1
Mantisbt Mantisbt 1.1.8
Mantisbt Mantisbt 1.1.9
Mantisbt Mantisbt 1.2.0
Mantisbt Mantisbt 1.2.10
Mantisbt Mantisbt 1.2.11
Mantisbt Mantisbt 1.2.2
Mantisbt Mantisbt 1.2.3
Mantisbt Mantisbt 1.1.4
Mantisbt Mantisbt 1.1.5
Mantisbt Mantisbt 1.2.14
Mantisbt Mantisbt 1.2.15
Mantisbt Mantisbt 1.2.6
Mantisbt Mantisbt 1.2.7
Mantisbt Mantisbt 1.1.2
Mantisbt Mantisbt 1.1.3
Mantisbt Mantisbt 1.2.12
Mantisbt Mantisbt 1.2.13
Mantisbt Mantisbt 1.2.4
Mantisbt Mantisbt 1.2.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »