Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT prior to 1.2.18 allow remote malicious users to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 1.2 |
||
mantisbt mantisbt |