CVE-2005-2556

core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.

Date published : 2005-08-24

http://www.securityfocus.com/bid/14604

http://marc.info/?l=bugtraq&m=112786017426276&w=2