Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mantis | Mantis | 0.15.3 | 0.15.3 |
Mantis | Mantis | 0.15.4 | 0.15.4 |
Mantis | Mantis | 0.15.5 | 0.15.5 |
Mantis | Mantis | 0.15.6 | 0.15.6 |
Mantis | Mantis | 0.15.7 | 0.15.7 |
Mantis | Mantis | 0.15.8 | 0.15.8 |
Mantis | Mantis | 0.15.9 | 0.15.9 |
Mantis | Mantis | 0.15.10 | 0.15.10 |
Mantis | Mantis | 0.15.11 | 0.15.11 |
Mantis | Mantis | 0.15.12 | 0.15.12 |
Mantis | Mantis | 0.16.0 | 0.16.0 |
Mantis | Mantis | 0.16.1 | 0.16.1 |
Mantis | Mantis | 0.17.0 | 0.17.0 |
Mantis | Mantis | 0.17.1 | 0.17.1 |
Mantis | Mantis | 0.17.2 | 0.17.2 |