NVD Vulnerability Detail

CVE-2006-0840

Summary	manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
Publication Date	Feb. 22, 2006, 11:02 a.m.
Registration Date	Jan. 29, 2021, 3:32 p.m.
Last Update	Oct. 19, 2018, 1:29 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mantis:mantis:0.9:::::::*
cpe:2.3:a:mantis:mantis:0.9.0:::::::*
cpe:2.3:a:mantis:mantis:0.9.1:::::::*
cpe:2.3:a:mantis:mantis:0.10:::::::*
cpe:2.3:a:mantis:mantis:0.10.0:::::::*
cpe:2.3:a:mantis:mantis:0.10.1:::::::*
cpe:2.3:a:mantis:mantis:0.10.2:::::::*
cpe:2.3:a:mantis:mantis:0.11:::::::*
cpe:2.3:a:mantis:mantis:0.11.0:::::::*
cpe:2.3:a:mantis:mantis:0.11.1:::::::*
cpe:2.3:a:mantis:mantis:0.12:::::::*
cpe:2.3:a:mantis:mantis:0.12.0:::::::*
cpe:2.3:a:mantis:mantis:0.13:::::::*
cpe:2.3:a:mantis:mantis:0.13.0:::::::*
cpe:2.3:a:mantis:mantis:0.13.1:::::::*
cpe:2.3:a:mantis:mantis:0.14:::::::*
cpe:2.3:a:mantis:mantis:0.14.0:::::::*
cpe:2.3:a:mantis:mantis:0.14.1:::::::*
cpe:2.3:a:mantis:mantis:0.14.2:::::::*
cpe:2.3:a:mantis:mantis:0.14.3:::::::*
cpe:2.3:a:mantis:mantis:0.14.4:::::::*
cpe:2.3:a:mantis:mantis:0.14.5:::::::*
cpe:2.3:a:mantis:mantis:0.14.6:::::::*
cpe:2.3:a:mantis:mantis:0.14.7:::::::*
cpe:2.3:a:mantis:mantis:0.14.8:::::::*
cpe:2.3:a:mantis:mantis:0.15:::::::*
cpe:2.3:a:mantis:mantis:0.15.0:::::::*
cpe:2.3:a:mantis:mantis:0.15.1:::::::*
cpe:2.3:a:mantis:mantis:0.15.2:::::::*
cpe:2.3:a:mantis:mantis:0.16:::::::*
cpe:2.3:a:mantis:mantis:0.16.0:::::::*
cpe:2.3:a:mantis:mantis:0.17:::::::*
cpe:2.3:a:mantis:mantis:0.17.0:::::::*
cpe:2.3:a:mantis:mantis:0.17.4a:::::::*
cpe:2.3:a:mantis:mantis:0.18:::::::*
cpe:2.3:a:mantis:mantis:0.18.0:::::::*
cpe:2.3:a:mantis:mantis:0.18.0_rc1:::::::*
cpe:2.3:a:mantis:mantis:0.18.0a1:::::::*
cpe:2.3:a:mantis:mantis:0.18.0a2:::::::*
cpe:2.3:a:mantis:mantis:0.18.0a3:::::::*
cpe:2.3:a:mantis:mantis:0.18.0a4:::::::*
cpe:2.3:a:mantis:mantis:0.18.1:::::::*
cpe:2.3:a:mantis:mantis:0.18.2:::::::*
cpe:2.3:a:mantis:mantis:0.18.3:::::::*
cpe:2.3:a:mantis:mantis:0.18a1:::::::*
cpe:2.3:a:mantis:mantis:0.19.0:::::::*
cpe:2.3:a:mantis:mantis:0.19.0_rc1:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a1:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a2:::::::*
cpe:2.3:a:mantis:mantis:0.19.1:::::::*
cpe:2.3:a:mantis:mantis:0.19.2:::::::*
cpe:2.3:a:mantis:mantis:0.19.3:::::::*
cpe:2.3:a:mantis:mantis:0.19.4:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc1:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc2:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc3:::::::*
cpe:2.3:a:mantis:mantis::::::::		1.0.0_rc4
cpe:2.3:a:mantis:mantis:1.0.0a1:::::::*
cpe:2.3:a:mantis:mantis:1.0.0a2:::::::*
cpe:2.3:a:mantis:mantis:1.0.0a3:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://morph3us.org/advisories/20060214-mantis-100rc4.txt	MISC	Exploit Patch Vendor Advisory
2	http://sourceforge.net/project/showfiles.php?group_id=14963&package_id=12175&release_id=386059	MISC	Patch
3	http://sourceforge.net/project/shownotes.php?release_id=386059&group_id=14963	MISC	Patch
4	http://www.securityfocus.com/archive/1/425046/100/0/threaded	BUGTRAQ
5	http://www.securityfocus.com/bid/16657	BID
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/24726	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mantis:mantis:0.9:::::::*
cpe:2.3:a:mantis:mantis:0.9.0:::::::*
cpe:2.3:a:mantis:mantis:0.9.1:::::::*
cpe:2.3:a:mantis:mantis:0.10:::::::*
cpe:2.3:a:mantis:mantis:0.10.0:::::::*
cpe:2.3:a:mantis:mantis:0.10.1:::::::*
cpe:2.3:a:mantis:mantis:0.10.2:::::::*
cpe:2.3:a:mantis:mantis:0.11:::::::*
cpe:2.3:a:mantis:mantis:0.11.0:::::::*
cpe:2.3:a:mantis:mantis:0.11.1:::::::*
cpe:2.3:a:mantis:mantis:0.12:::::::*
cpe:2.3:a:mantis:mantis:0.12.0:::::::*
cpe:2.3:a:mantis:mantis:0.13:::::::*
cpe:2.3:a:mantis:mantis:0.13.0:::::::*
cpe:2.3:a:mantis:mantis:0.13.1:::::::*
cpe:2.3:a:mantis:mantis:0.14:::::::*
cpe:2.3:a:mantis:mantis:0.14.0:::::::*
cpe:2.3:a:mantis:mantis:0.14.1:::::::*
cpe:2.3:a:mantis:mantis:0.14.2:::::::*
cpe:2.3:a:mantis:mantis:0.14.3:::::::*
cpe:2.3:a:mantis:mantis:0.14.4:::::::*
cpe:2.3:a:mantis:mantis:0.14.5:::::::*
cpe:2.3:a:mantis:mantis:0.14.6:::::::*
cpe:2.3:a:mantis:mantis:0.14.7:::::::*
cpe:2.3:a:mantis:mantis:0.14.8:::::::*
cpe:2.3:a:mantis:mantis:0.15:::::::*
cpe:2.3:a:mantis:mantis:0.15.0:::::::*
cpe:2.3:a:mantis:mantis:0.15.1:::::::*
cpe:2.3:a:mantis:mantis:0.15.2:::::::*
cpe:2.3:a:mantis:mantis:0.16:::::::*
cpe:2.3:a:mantis:mantis:0.16.0:::::::*
cpe:2.3:a:mantis:mantis:0.17:::::::*
cpe:2.3:a:mantis:mantis:0.17.0:::::::*
cpe:2.3:a:mantis:mantis:0.17.4a:::::::*
cpe:2.3:a:mantis:mantis:0.18:::::::*
cpe:2.3:a:mantis:mantis:0.18.0:::::::*
cpe:2.3:a:mantis:mantis:0.18.0_rc1:::::::*
cpe:2.3:a:mantis:mantis:0.18.0a1:::::::*
cpe:2.3:a:mantis:mantis:0.18.0a2:::::::*
cpe:2.3:a:mantis:mantis:0.18.0a3:::::::*
cpe:2.3:a:mantis:mantis:0.18.0a4:::::::*
cpe:2.3:a:mantis:mantis:0.18.1:::::::*
cpe:2.3:a:mantis:mantis:0.18.2:::::::*
cpe:2.3:a:mantis:mantis:0.18.3:::::::*
cpe:2.3:a:mantis:mantis:0.18a1:::::::*
cpe:2.3:a:mantis:mantis:0.19.0:::::::*
cpe:2.3:a:mantis:mantis:0.19.0_rc1:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a1:::::::*
cpe:2.3:a:mantis:mantis:0.19.0a2:::::::*
cpe:2.3:a:mantis:mantis:0.19.1:::::::*
cpe:2.3:a:mantis:mantis:0.19.2:::::::*
cpe:2.3:a:mantis:mantis:0.19.3:::::::*
cpe:2.3:a:mantis:mantis:0.19.4:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc1:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc2:::::::*
cpe:2.3:a:mantis:mantis:1.0.0_rc3:::::::*
cpe:2.3:a:mantis:mantis::::::::		1.0.0_rc4
cpe:2.3:a:mantis:mantis:1.0.0a1:::::::*
cpe:2.3:a:mantis:mantis:1.0.0a2:::::::*
cpe:2.3:a:mantis:mantis:1.0.0a3:::::::*