CVE-2002-1113

Published: 04/10/2002 Updated: 10/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

summary_graph_functions.php in Mantis 0.17.3 and previous versions allows remote malicious users to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.

Vulnerable Product

mantis mantis 0.15.10

mantis mantis 0.15.7

mantis mantis 0.15.8

mantis mantis 0.15.5

mantis mantis 0.15.6

mantis mantis 0.17.2

mantis mantis 0.17.3

mantis mantis 0.15.3

mantis mantis 0.15.4

mantis mantis 0.17.0

mantis mantis 0.17.1

mantis mantis 0.15.11

mantis mantis 0.15.12

mantis mantis 0.15.9

mantis mantis 0.16.0

mantis mantis 0.16.1

Vendor Advisories

Joao Gouveia discovered an uninitialized variable which was insecurely used with file inclusions in the mantis package, a PHP-based bug tracking system. The Debian Security Team found even more similar problems. When these occasions are exploited, a remote user is able to execute arbitrary code under the webserver user id on the web server hosting ...

Exploits

source: www.securityfocus.com/bid/5504/info

Mantis depends on include files to provide some functionality, such as dynamic generation of graphs. However, since Mantis does not properly validate the path to the include file, it is possible for attackers to specify an arbitrary path, either to a local file or a file on a remote server. Atta ...