CVE-2008-4687 in Mantisinfo

Summary

manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

10/22/2008

Disclosure

10/22/2008

Moderation

VulDB entry created

Entries

VDB-44658 (1)

CPE

ready

CWE

CWE-94 (Confirmed)

Exploit

Download

CVSS

9.9

EPSS

0.79225

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-4687
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4687
CVE Details	https://www.cvedetails.com/cve/CVE-2008-4687/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!