Skip to main content

CVE-2005-2556

Severity High
Score 7.5/10

Summary

core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

References

Advisory Timeline

  • Published