Unrated severityNVD Advisory· Published Oct 22, 2008· Updated Apr 23, 2026
CVE-2008-4687
CVE-2008-4687
Description
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
Affected products
13cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*range: <=1.1.3
- cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- secunia.com/advisories/32314nvdVendor Advisory
- mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.phpnvd
- secunia.com/advisories/32975nvd
- securityreason.com/securityalert/4470nvd
- www.gentoo.org/security/en/glsa/glsa-200812-07.xmlnvd
- www.mantisbt.org/bugs/changelog_page.phpnvd
- www.mantisbt.org/bugs/view.phpnvd
- www.openwall.com/lists/oss-security/2008/10/19/1nvd
- www.securityfocus.com/bid/31789nvd
- bugs.gentoo.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45942nvd
- www.exploit-db.com/exploits/44611/nvd
- www.exploit-db.com/exploits/6768nvd
News mentions
0No linked articles in our index yet.