CyberSec.Space Logo
Back to CVE Browser

CVE-2002-1114

HIGH
7.5
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile10.09th
PublishedOct 4, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.

Affected Platforms (CPE)

πŸ“¦
Mantis

Mantis

= 0.17.0
πŸ“¦
Mantis

Mantis

= 0.17.1
πŸ“¦
Mantis

Mantis

= 0.17.2
πŸ“¦
Mantis

Mantis

= 0.17.3

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=102978711618648&w=2
πŸ”— http://www.debian.org/security/2002/dsa-153
πŸ”— http://www.iss.net/security_center/static/9900.php
πŸ”— http://www.securityfocus.com/bid/5509
πŸ”— http://marc.info/?l=bugtraq&m=102978711618648&w=2
πŸ”— http://www.debian.org/security/2002/dsa-153
πŸ”— http://www.iss.net/security_center/static/9900.php
πŸ”— http://www.securityfocus.com/bid/5509

Related Vulnerabilities

CVE-2006-651510.0

Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which h...

CVE-2002-111010.0

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote ...

CVE-2006-066510.0

Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and atta...

CVE-2008-46879.0

manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter conta...