Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mantis Subscribe
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-4520 1 Mantis 1 Mantis 2025-04-03 5.0 MEDIUM N/A
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
CVE-2005-4518 1 Mantis 1 Mantis 2025-04-03 7.5 HIGH N/A
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
CVE-2002-1113 1 Mantis 1 Mantis 2025-04-03 7.5 HIGH N/A
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
CVE-2002-1116 1 Mantis 1 Mantis 2025-04-03 7.5 HIGH N/A
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
CVE-2006-0840 1 Mantis 1 Mantis 2025-04-03 5.0 MEDIUM N/A
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
CVE-2005-3090 1 Mantis 1 Mantis 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.