9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.6%
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated
users to execute arbitrary code via a sort parameter containing PHP
sequences, which are processed by create_function within the multi_sort
function in core/utility_api.php.
Author | Note |
---|---|
kees | requires a registered user. |