| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2005-3335 | 7.5 |
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
|
11-07-2017 - 01:33 | 27-10-2005 - 10:02 | |
| CVE-2005-3336 | 7.5 |
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
08-03-2011 - 02:26 | 27-10-2005 - 10:02 | |
| CVE-2005-3339 | 7.2 |
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
|
05-09-2008 - 20:54 | 27-10-2005 - 10:02 | |
| CVE-2005-3337 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
|
05-09-2008 - 20:54 | 27-10-2005 - 10:02 | |
| CVE-2005-3338 | 5.0 |
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
|
05-09-2008 - 20:54 | 27-10-2005 - 10:02 |