threat
engine
.sh
Back
·
··:··
Home
/
Product
/
mantis
Product
mantis
45 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2019-16569
<= 0.26
A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-sp
4.3
MEDIUM
CVE-2008-4689
<= 1.1.2
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions
CVE-2008-4688
<= 1.1.3
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in
CVE-2008-4687
<= 1.1.3
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter conta
CVE-2008-3333
<= 1.1.1
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbit
CVE-2008-3332
<= 1.1.1
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute ar
CVE-2008-3331
<= 1.1.1
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject ar
CVE-2008-2276
all versions
Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new ad
CVE-2008-0404
<= 1.1.0
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via
CVE-2007-6611
<= 1.1.0a1
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script
CVE-2006-6574
<= 1.1.0a1
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to
CVE-2006-6515
<= 1.1.0a1
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which h
CVE-2006-1577
all versions
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attack
CVE-2006-0841
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web s
CVE-2006-0840
<= 1.0.0_rc4
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, whi
CVE-2006-0665
all versions
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and atta
CVE-2006-0664
all versions
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitra
CVE-2006-0147
all versions
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products i
CVE-2006-0146
all versions
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Mood
CVE-2005-4523
<= 1.0.0_rc3
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive informa
CVE-2005-4522
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier all
CVE-2005-4520
all versions
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NO
CVE-2005-4519
<= 0.19.3
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote
CVE-2005-4238
all versions
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject
CVE-2005-3339
all versions
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
CVE-2005-3338
all versions
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of user
CVE-2005-3337
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script
CVE-2005-3336
all versions
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown ve
CVE-2005-3335
all versions
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to exe
CVE-2005-3091
all versions
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML
CVE-2005-3090
all versions
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to
CVE-2005-2557
all versions
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject
CVE-2005-2556
all versions
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to int
CVE-2004-2666
all versions
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold,
CVE-2004-1734
all versions
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (
CVE-2004-1730
all versions
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (
CVE-2004-1731
all versions
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the sam
CVE-2003-0499
all versions
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local use
CVE-2002-1116
all versions
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do no
CVE-2002-1115
all versions
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_a
CVE-2002-1114
all versions
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the paramete
CVE-2002-1113
all versions
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_
CVE-2002-1112
all versions
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by t
CVE-2002-1111
all versions
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to v
CVE-2002-1110
all versions
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allows remote
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin