Описание
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mantis:mantis:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.1:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.2:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.17.3:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02116
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 23 лет назад
config_inc2.php in Mantis before 0.17.4 allows remote attackers to exe ...
github
больше 3 лет назад
config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie.
EPSS
Процентиль: 84%
0.02116
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other