SQL Injection Vulnerabilities in Mantis 0.17.2 and Earlier

SQL Injection Vulnerabilities in Mantis 0.17.2 and Earlier

CVE-2002-1110 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.