Summary
The remote web server contains a PHP application that is affected by several flaws.
Description :
According to its banner, the version of Mantis on the remote host fails to sanitize user-supplied input to the 'g_db_type' parameter of the 'core/database_api.php' script. Provided PHP's 'register_globals' setting is enabled, an attacker may be able to exploit this to connect to arbitrary databases as well as scan for arbitrary open ports, even on an internal network. In addition, it is reportedly prone to multiple cross-site scripting issues.
Solution
Upgrade to Mantis 1.0.0rc2 or newer.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2005-2556, CVE-2005-2557, CVE-2005-3090, CVE-2005-3091 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- ApPHP MicroBlog Remote Code Execution Vulnerability
- Adobe ColdFusion Information Disclosure Vulnerability
- AstroSPACES profile.php SQL Injection Vulnerability
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution