| Vulnerability Name: | CVE-2002-1110 (CCN-9897) | ||||||||
| Assigned: | 2002-08-19 | ||||||||
| Published: | 2002-08-19 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2002-1110 Source: CONFIRM Type: UNKNOWN http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt Source: BUGTRAQ Type: UNKNOWN 20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis Source: CCN Type: Mantis Advisory/2002-01 SQL poisoning vulnerability in Mantis Source: DEBIAN Type: Patch, Vendor Advisory DSA-153 Source: DEBIAN Type: DSA-153 mantis -- cross site code execution and privilege escalation Source: XF Type: UNKNOWN mantis-user-sql-injection(9897) Source: CCN Type: Mantis Web site Mantis Source: CCN Type: OSVDB ID: 6214 Mantis account_update.php Multiple Parameter SQL Injection Source: BID Type: Patch, Vendor Advisory 5510 Source: CCN Type: BID-5510 Mantis Account Update SQL Injection Vulnerability Source: XF Type: UNKNOWN mantis-user-sql-injection(9897) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||