core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mantis | Mantis | 0.19.0a1 | 0.19.0a1 |
Mantis | Mantis | 0.19.0a2 | 0.19.0a2 |
Mantis | Mantis | 1.0.0a3 | 1.0.0a3 |
Mantis | Mantis | 1.0.0a1 | 1.0.0a1 |
Mantis | Mantis | 0.19.0_rc1 | 0.19.0_rc1 |
Mantis | Mantis | 1.0.0a2 | 1.0.0a2 |
Mantis | Mantis | 0.19.0 | 0.19.0 |
Mantis | Mantis | 0.19.1 | 0.19.1 |
Mantis | Mantis | 0.19.2 | 0.19.2 |