CyberSec.Space Logo
Back to CVE Browser

CVE-2002-1110

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0480%
EPSS Percentile12.59th
PublishedOct 4, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.

Affected Platforms (CPE)

πŸ“¦
Mantis

Mantis

= 0.15.3
πŸ“¦
Mantis

Mantis

= 0.15.4
πŸ“¦
Mantis

Mantis

= 0.15.5
πŸ“¦
Mantis

Mantis

= 0.15.6
πŸ“¦
Mantis

Mantis

= 0.15.7
πŸ“¦
Mantis

Mantis

= 0.15.8
πŸ“¦
Mantis

Mantis

= 0.15.9
πŸ“¦
Mantis

Mantis

= 0.15.10
πŸ“¦
Mantis

Mantis

= 0.15.11
πŸ“¦
Mantis

Mantis

= 0.15.12
πŸ“¦
Mantis

Mantis

= 0.16.0
πŸ“¦
Mantis

Mantis

= 0.16.1
πŸ“¦
Mantis

Mantis

= 0.17.0
πŸ“¦
Mantis

Mantis

= 0.17.1
πŸ“¦
Mantis

Mantis

= 0.17.2

References & Advisories

πŸ”— http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt
πŸ”— http://marc.info/?l=bugtraq&m=102978728718851&w=2
πŸ”— http://www.debian.org/security/2002/dsa-153
πŸ”— http://www.iss.net/security_center/static/9897.php
πŸ”— http://www.securityfocus.com/bid/5510
πŸ”— http://mantisbt.sourceforge.net/advisories/2002/2002-01.txt
πŸ”— http://marc.info/?l=bugtraq&m=102978728718851&w=2
πŸ”— http://www.debian.org/security/2002/dsa-153

Related Vulnerabilities

CVE-2006-651510.0

Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which h...

CVE-2006-066510.0

Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and atta...

CVE-2008-46879.0

manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter conta...

CVE-2002-11147.5

config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the paramete...