1. CVE-Search
  2. CVE-2005-3335
ID CVE-2005-3335
Summary PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:0.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:mantis:mantis:1.0.0_rc2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 15212
  • 15227
debian DSA-905
gentoo GLSA-200510-24
misc
sectrack 1015110
secunia
  • 16506
  • 16818
  • 17362
  • 17654
sreason 121
vupen ADV-2005-2221
xf mantis-tcorepath-file-include(22886)
Last major update 11-07-2017 - 01:33
Published 27-10-2005 - 10:02
Last modified 11-07-2017 - 01:33
Back to Top