CVE-2002-1111

print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mantis:mantis:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.16.1:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-10-04 04:00

Updated : 2024-02-28 10:24


NVD link : CVE-2002-1111

Mitre link : CVE-2002-1111

CVE.ORG link : CVE-2002-1111


JSON object : View

Products Affected

mantis

  • mantis
CWE
CWE-264

Permissions, Privileges, and Access Controls