CVE Vulnerabilities

CVE-2005-2556

Published: Aug 24, 2005 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.

Affected Software

Name Vendor Start Version End Version
Mantis Mantis 0.19.0a1 0.19.0a1
Mantis Mantis 0.19.0a2 0.19.0a2
Mantis Mantis 1.0.0a3 1.0.0a3
Mantis Mantis 1.0.0a1 1.0.0a1
Mantis Mantis 0.19.0_rc1 0.19.0_rc1
Mantis Mantis 1.0.0a2 1.0.0a2
Mantis Mantis 0.19.0 0.19.0
Mantis Mantis 0.19.1 0.19.1
Mantis Mantis 0.19.2 0.19.2

References