CVE-2006-0840

Exploit

EPSS 1.67%
Veröffentlicht 22.02.2006 02:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie.  NOTE: this issue might be the same as vector 2 in CVE-2005-4519.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mantis ≫ Mantis Version <= 1.0.0_rc4

Mantis ≫ Mantis Version0.9

Mantis ≫ Mantis Version0.9.0

Mantis ≫ Mantis Version0.9.1

Mantis ≫ Mantis Version0.10

Mantis ≫ Mantis Version0.10.0

Mantis ≫ Mantis Version0.10.1

Mantis ≫ Mantis Version0.10.2

Mantis ≫ Mantis Version0.11

Mantis ≫ Mantis Version0.11.0

Mantis ≫ Mantis Version0.11.1

Mantis ≫ Mantis Version0.12

Mantis ≫ Mantis Version0.12.0

Mantis ≫ Mantis Version0.13

Mantis ≫ Mantis Version0.13.0

Mantis ≫ Mantis Version0.13.1

Mantis ≫ Mantis Version0.14

Mantis ≫ Mantis Version0.14.0

Mantis ≫ Mantis Version0.14.1

Mantis ≫ Mantis Version0.14.2

Mantis ≫ Mantis Version0.14.3

Mantis ≫ Mantis Version0.14.4

Mantis ≫ Mantis Version0.14.5

Mantis ≫ Mantis Version0.14.6

Mantis ≫ Mantis Version0.14.7

Mantis ≫ Mantis Version0.14.8

Mantis ≫ Mantis Version0.15

Mantis ≫ Mantis Version0.15.0

Mantis ≫ Mantis Version0.15.1

Mantis ≫ Mantis Version0.15.2

Mantis ≫ Mantis Version0.16

Mantis ≫ Mantis Version0.16.0

Mantis ≫ Mantis Version0.17

Mantis ≫ Mantis Version0.17.0

Mantis ≫ Mantis Version0.17.4a

Mantis ≫ Mantis Version0.18

Mantis ≫ Mantis Version0.18.0

Mantis ≫ Mantis Version0.18.0_rc1

Mantis ≫ Mantis Version0.18.0a1

Mantis ≫ Mantis Version0.18.0a2

Mantis ≫ Mantis Version0.18.0a3

Mantis ≫ Mantis Version0.18.0a4

Mantis ≫ Mantis Version0.18.1

Mantis ≫ Mantis Version0.18.2

Mantis ≫ Mantis Version0.18.3

Mantis ≫ Mantis Version0.18a1

Mantis ≫ Mantis Version0.19.0

Mantis ≫ Mantis Version0.19.0_rc1

Mantis ≫ Mantis Version0.19.0a

Mantis ≫ Mantis Version0.19.0a1

Mantis ≫ Mantis Version0.19.0a2

Mantis ≫ Mantis Version0.19.1

Mantis ≫ Mantis Version0.19.2

Mantis ≫ Mantis Version0.19.3

Mantis ≫ Mantis Version0.19.4

Mantis ≫ Mantis Version1.0.0_rc1

Mantis ≫ Mantis Version1.0.0_rc2

Mantis ≫ Mantis Version1.0.0_rc3

Mantis ≫ Mantis Version1.0.0a1

Mantis ≫ Mantis Version1.0.0a2

Mantis ≫ Mantis Version1.0.0a3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.67%	0.804

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://morph3us.org/advisories/20060214-mantis-100rc4.txt

Patch

Vendor Advisory

Exploit

http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059

Patch

http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963

Patch

http://www.securityfocus.com/archive/1/425046/100/0/threaded

http://www.securityfocus.com/bid/16657

https://exchange.xforce.ibmcloud.com/vulnerabilities/24726

https://nvd.nist.gov/vuln/detail/CVE-2006-0840

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0840

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0840

EUVD