CVE-2005-3336
Description
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
Root cause
"The advisory does not disclose the root cause beyond stating that SQL injection is possible via unknown vectors."
Attack vector
A remote attacker can send crafted input to unknown vectors in Mantis 1.0.0RC2 and 0.19.2 to inject arbitrary SQL commands. The advisory does not describe the network path, payload shape, or preconditions required. No CWE is pre-assigned in the bundle, and the reference write-up does not name a weakness class, so no CWE citation is added.
Affected code
The advisory does not specify the exact files or functions vulnerable to SQL injection in Mantis 1.0.0RC2 and 0.19.2. The referenced changelog page [ref_id=1] lists many later security fixes but does not identify the specific code path for this CVE.
What the fix does
No patch is included in the bundle. The advisory does not provide remediation guidance beyond the general note that this is a security issue. The changelog [ref_id=1] does not list a corresponding fix entry for CVE-2005-3336.
Preconditions
- inputThe advisory does not specify any preconditions.
Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
11- secunia.com/advisories/16818nvdPatchVendor Advisory
- bugs.mantisbt.org/changelog_page.phpnvd
- secunia.com/advisories/16506nvd
- secunia.com/advisories/17362nvd
- secunia.com/advisories/17654nvd
- sourceforge.net/project/shownotes.phpnvd
- www.debian.org/security/2005/dsa-905nvd
- www.gentoo.org/security/en/glsa/glsa-200510-24.xmlnvd
- www.osvdb.org/20324nvd
- www.securityfocus.com/bid/15227nvd
- www.vupen.com/english/advisories/2005/2221nvd
News mentions
0No linked articles in our index yet.