core/database_api.php in Mantis 0.19.0a1 up to and including 1.0.0a3, with register_globals enabled, allows remote malicious users to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mantis mantis 0.19.0_rc1 |
||
mantis mantis 0.19.0a1 |
||
mantis mantis 0.19.2 |
||
mantis mantis 1.0.0a1 |
||
mantis mantis 0.19.0 |
||
mantis mantis 1.0.0a2 |
||
mantis mantis 1.0.0a3 |
||
mantis mantis 0.19.0a2 |
||
mantis mantis 0.19.1 |