NVD

Id
4501  
Name
CVE-2008-4687  
Description
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.  
Reject
 
CVSS Version
2  
CVSS Score
9  
Severity
High  
CVSS Base Score
9  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-10-22  
Modified Date
2009-08-19  
Seq
2008-4687  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
28329 4501 CVE-2008-4687 http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679  View
28330 4501 CVE-2008-4687 4470  View
28331 4501 CVE-2008-4687 GLSA-200812-07  View
28332 4501 CVE-2008-4687 http://www.mantisbt.org/bugs/changelog_page.php  View
28333 4501 CVE-2008-4687 http://www.mantisbt.org/bugs/view.php?id=0009704  View
28334 4501 CVE-2008-4687 6768  View
28335 4501 CVE-2008-4687 [oss-security] 20081019 CVE request: mantisbt < 1.1.4: RCE  View
28336 4501 CVE-2008-4687 31789  View
28337 4501 CVE-2008-4687 mantis-sort-code-execution(45942)  View
28338 4501 CVE-2008-4687 https://bugs.gentoo.org/show_bug.cgi?id=242722  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
47099 JVNDB-2008-002409 Mantis の manage_proj_page.php における任意のコードを実行される脆弱性 Mantis の manage_proj_page.php には、任意のコードを実行される脆弱性が存在します。 CVE-2008-4687 34800 CVE-2008-4687 4501 9 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002409.html 2008-10-22 2009-07-08 View