Every CVE whose affected-product data names Mantis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2006-6515 — CVSS 10.0 (critical): Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has…
CVE-2006-0665 — CVSS 10.0 (critical): Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack…
CVE-2002-1110 — CVSS 10.0 (critical): Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers…
CVE-2008-4687 — CVSS 9.0 (critical): manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP…
CVE-2004-1734 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1)…
CVE-2002-1113 — CVSS 7.5 (high): summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the…
CVE-2002-1114 — CVSS 7.5 (high): config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1)…
CVE-2002-1116 — CVSS 7.5 (high): The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have…
CVE-2005-2556 — CVSS 7.5 (high): core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal…
CVE-2005-3335 — CVSS 7.5 (high): PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute…
CVE-2005-3336 — CVSS 7.5 (high): SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-4519 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers…
CVE-2006-0146 — CVSS 7.5 (high): The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4)…
CVE-2006-0147 — CVSS 7.5 (high): Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including…
CVE-2008-3333 — CVSS 7.5 (high): Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary…
CVE-2008-4689 — CVSS 7.5 (high): Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
CVE-2005-3339 — CVSS 7.2 (high): Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
CVE-2006-1577 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to…
CVE-2008-3332 — CVSS 6.5 (medium): Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary…
CVE-2006-6574 — CVSS 5.0 (medium): Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain…
CVE-2004-1731 — CVSS 5.0 (medium): signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail…
CVE-2005-4520 — CVSS 5.0 (medium): Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to…
CVE-2005-3338 — CVSS 5.0 (medium): Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
CVE-2005-4523 — CVSS 5.0 (medium): Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
CVE-2008-4688 — CVSS 5.0 (medium): core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the…
CVE-2002-1111 — CVSS 5.0 (medium): print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug…
CVE-2006-0840 — CVSS 5.0 (medium): manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows…
CVE-2002-1115 — CVSS 5.0 (medium): Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1)…
CVE-2004-2666 — CVSS 5.0 (medium): Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which…
CVE-2002-1112 — CVSS 5.0 (medium): Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View…
CVE-2005-3091 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2005-3337 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML…
CVE-2005-4238 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject…
CVE-2005-4522 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote…
CVE-2006-0664 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web…
CVE-2006-0841 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or…
CVE-2004-1730 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the…
CVE-2005-3090 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject…
CVE-2008-0404 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors…
CVE-2007-6611 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML…
CVE-2005-2557 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary…
CVE-2003-0499 — CVSS 3.6 (low): Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to…
CVE-2008-3331 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary…