7.5

CVE-2008-3333

Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).

Data is provided by the National Vulnerability Database (NVD)
MantisMantis Version <= 1.1.1
MantisMantis Version0.9
MantisMantis Version0.9.0
MantisMantis Version0.9.1
MantisMantis Version0.10
MantisMantis Version0.10.0
MantisMantis Version0.10.1
MantisMantis Version0.10.2
MantisMantis Version0.11
MantisMantis Version0.11.0
MantisMantis Version0.11.1
MantisMantis Version0.12
MantisMantis Version0.12.0
MantisMantis Version0.13
MantisMantis Version0.13.0
MantisMantis Version0.13.1
MantisMantis Version0.14
MantisMantis Version0.14.0
MantisMantis Version0.14.1
MantisMantis Version0.14.2
MantisMantis Version0.14.3
MantisMantis Version0.14.4
MantisMantis Version0.14.5
MantisMantis Version0.14.6
MantisMantis Version0.14.7
MantisMantis Version0.14.8
MantisMantis Version0.15
MantisMantis Version0.15.0
MantisMantis Version0.15.1
MantisMantis Version0.15.2
MantisMantis Version0.15.3
MantisMantis Version0.15.4
MantisMantis Version0.15.5
MantisMantis Version0.15.6
MantisMantis Version0.15.7
MantisMantis Version0.15.8
MantisMantis Version0.15.9
MantisMantis Version0.15.10
MantisMantis Version0.15.11
MantisMantis Version0.15.12
MantisMantis Version0.16
MantisMantis Version0.16.0
MantisMantis Version0.16.1
MantisMantis Version0.17
MantisMantis Version0.17.0
MantisMantis Version0.17.1
MantisMantis Version0.17.2
MantisMantis Version0.17.3
MantisMantis Version0.17.4
MantisMantis Version0.17.4a
MantisMantis Version0.17.5
MantisMantis Version0.18
MantisMantis Version0.18.0
MantisMantis Version0.18.0_rc1
MantisMantis Version0.18.0a1
MantisMantis Version0.18.0a2
MantisMantis Version0.18.0a3
MantisMantis Version0.18.0a4
MantisMantis Version0.18.1
MantisMantis Version0.18.2
MantisMantis Version0.18.3
MantisMantis Version0.18a1
MantisMantis Version0.19
MantisMantis Version0.19.0
MantisMantis Version0.19.0_rc1
MantisMantis Version0.19.0a
MantisMantis Version0.19.0a1
MantisMantis Version0.19.0a2
MantisMantis Version0.19.1
MantisMantis Version0.19.2
MantisMantis Version0.19.3
MantisMantis Version0.19.4
MantisMantis Version1.0
MantisMantis Version1.0.0
MantisMantis Version1.0.0_rc1
MantisMantis Version1.0.0_rc2
MantisMantis Version1.0.0_rc3
MantisMantis Version1.0.0_rc4
MantisMantis Version1.0.0_rc5
MantisMantis Version1.0.0a1
MantisMantis Version1.0.0a2
MantisMantis Version1.0.0a3
MantisMantis Version1.0.0rc1
MantisMantis Version1.0.0rc2
MantisMantis Version1.0.0rc3
MantisMantis Version1.0.0rc4
MantisMantis Version1.0.1
MantisMantis Version1.0.2
MantisMantis Version1.0.3
MantisMantis Version1.0.4
MantisMantis Version1.0.5
MantisMantis Version1.0.6
MantisMantis Version1.1
MantisMantis Version1.1.0
MantisMantis Version1.1.0a1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.4% 0.578
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.