manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-02-22T02:00:00
Updated: 2018-10-18T14:57:01
Reserved: 2006-02-22T00:00:00
Link: CVE-2006-0840
JSON object: View
NVD Information
Status : Modified
Published: 2006-02-22T02:02:00.000
Modified: 2018-10-18T16:29:23.227
Link: CVE-2006-0840
JSON object: View
Redhat Information
No data.
CWE