| VID |
21353 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the Mantis installation on the remote web server has multiple vulnerabilities. Mantis is a freely available PHP-based bug tracking system that uses a MySQL backend database. Mantis versions 0.17.3 and earlier are affected by the following vulnerabilities:
- User Table SQL Injection Vulnerability (CAN-2002-1110)
- Print Reports Limit Reporters Option Bypass Vulnerability (CAN-2002-1111)
- Unauthorized Project Bug List Viewing Vulnerability (CAN-2002-1112)
- JPGraph Remote File Include Vulnerability (CAN-2002-1113)
- Configuration Remote File Include Vulnerability (CAN-2002-1114)
* Note: This check relies solely on the version of Mantis on the remote web server to assess this vulnerability, so the result might be a false positive.
* Platforms Affected: Mantis version 0.17.3 and earlier; any operating system, any version |
| Recommendation |
Upgrade to the latest version of Mantis (0.17.4a or later), available from the Mantis web site at http://www.mantisbt.org/index.php |
| Related URL |
CVE-2002-1110,CVE-2002-1111,CVE-2002-1112,CVE-2002-1113,CVE-2002-1114 (CVE) |
| Related URL |
5504,5509,5515,5514 (SecurityFocus) |
| Related URL |
9829,9897,9898,9899,9900 (ISS) |
|