CVE-2006-0840

by Fred · 21/02/2006

manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ‘ (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.

Date published : 2006-02-21

http://www.securityfocus.com/bid/16657

http://www.securityfocus.com/archive/1/425046/100/0/threaded

CVE-2006-0840

Similar

Recent Posts

Categories

CVE-2006-0840

Share this:

Similar

Recent Posts

Categories

Tags