CVE-2008-4687 - Vulnerability Details - OpenCVE

manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mantis	Mantis

Configuration 1 [-]

OR	cpe:2.3:a:mantis:mantis::::::::
	cpe:2.3:a:mantis:mantis:0.19.3:::::::*
	cpe:2.3:a:mantis:mantis:0.19.4:::::::*
	cpe:2.3:a:mantis:mantis:1.0.1:::::::*
	cpe:2.3:a:mantis:mantis:1.0.2:::::::*
	cpe:2.3:a:mantis:mantis:1.0.3:::::::*
	cpe:2.3:a:mantis:mantis:1.0.4:::::::*
	cpe:2.3:a:mantis:mantis:1.0.5:::::::*
	cpe:2.3:a:mantis:mantis:1.0.6:::::::*
	cpe:2.3:a:mantis:mantis:1.0.7:::::::*
	cpe:2.3:a:mantis:mantis:1.0.8:::::::*
	cpe:2.3:a:mantis:mantis:1.1.1:::::::*
	cpe:2.3:a:mantis:mantis:1.1.2:::::::*

No data.

References

Link	Providers
http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679
http://secunia.com/advisories/32314
http://secunia.com/advisories/32975
http://securityreason.com/securityalert/4470
http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml
http://www.mantisbt.org/bugs/changelog_page.php
http://www.mantisbt.org/bugs/view.php?id=0009704
http://www.openwall.com/lists/oss-security/2008/10/19/1
http://www.securityfocus.com/bid/31789
https://bugs.gentoo.org/show_bug.cgi?id=242722
https://exchange.xforce.ibmcloud.com/vulnerabilities/45942
https://www.exploit-db.com/exploits/44611/
https://www.exploit-db.com/exploits/6768

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-22T17:00:00

Updated: 2024-08-07T10:24:20.945Z

Reserved: 2008-10-22T00:00:00

Link: CVE-2008-4687

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-10-22T18:00:01.207

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4687

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-16T00:00:00", "descriptions": [{"lang": "en", "value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-12T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"}, {"name": "32975", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32975"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679"}, {"name": "31789", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31789"}, {"name": "GLSA-200812-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mantisbt.org/bugs/view.php?id=0009704"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mantisbt.org/bugs/changelog_page.php"}, {"name": "44611", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44611/"}, {"name": "32314", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32314"}, {"name": "[oss-security] 20081019 CVE request: mantisbt < 1.1.4: RCE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"}, {"name": "6768", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6768"}, {"name": "mantis-sort-code-execution(45942)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"}, {"name": "4470", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4470"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.gentoo.org/show_bug.cgi?id=242722", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"}, {"name": "32975", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32975"}, {"name": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679", "refsource": "CONFIRM", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679"}, {"name": "31789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31789"}, {"name": "GLSA-200812-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"}, {"name": "http://www.mantisbt.org/bugs/view.php?id=0009704", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/view.php?id=0009704"}, {"name": "http://www.mantisbt.org/bugs/changelog_page.php", "refsource": "CONFIRM", "url": "http://www.mantisbt.org/bugs/changelog_page.php"}, {"name": "44611", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44611/"}, {"name": "32314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32314"}, {"name": "[oss-security] 20081019 CVE request: mantisbt < 1.1.4: RCE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"}, {"name": "6768", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6768"}, {"name": "mantis-sort-code-execution(45942)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"}, {"name": "4470", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4470"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:24:20.945Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"}, {"name": "32975", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32975"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679"}, {"name": "31789", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31789"}, {"name": "GLSA-200812-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mantisbt.org/bugs/view.php?id=0009704"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mantisbt.org/bugs/changelog_page.php"}, {"name": "44611", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44611/"}, {"name": "32314", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32314"}, {"name": "[oss-security] 20081019 CVE request: mantisbt < 1.1.4: RCE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"}, {"name": "6768", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6768"}, {"name": "mantis-sort-code-execution(45942)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"}, {"name": "4470", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4470"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4687", "datePublished": "2008-10-22T17:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.945Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*", "matchCriteriaId": "132BAF7E-8047-417F-8C78-1C1FBDAF97A0", "versionEndIncluding": "1.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8E7458-6655-4C86-85A9-81004FF38321", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "AE92E018-C25C-468D-9EF5-5665F0B42EA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA5AE0B4-15AB-49E7-9B97-96BA322B0966", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "48069606-59B6-4D20-B909-997CA7EDBD2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E42CD1CB-49E7-484B-9629-78A24B754346", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F95B327F-94A8-4D4F-A330-1B9BF4B764FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "215420D5-4690-45BE-AE84-CF1522523299", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5621726F-CA50-4336-9BCE-55F39BE5CDCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1B0ECF83-F61A-4745-AA0D-4822A38F24DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "91621575-AF90-4C01-AA87-A99C304227D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAEE63A1-106C-4E50-8B6F-D134C69FD194", "vulnerable": true}, {"criteria": "cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7729C7E-ECC1-48D0-BFF7-82A8D96DC0AF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php."}, {"lang": "es", "value": "manage_proj_page.php en Mantis v1.1.4, permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro \"sort\" que contiene secuencias PHP y que es procesado por create_function dentro de la funci\u00f3n multi_sort en core/utility_api.php."}], "id": "CVE-2008-4687", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-22T18:00:01.207", "references": [{"source": "cve@mitre.org", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32314"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32975"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4470"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"}, {"source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/changelog_page.php"}, {"source": "cve@mitre.org", "url": "http://www.mantisbt.org/bugs/view.php?id=0009704"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31789"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/44611/"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/utility_api.php?r1=5679&r2=5678&pathrev=5679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32314"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/changelog_page.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mantisbt.org/bugs/view.php?id=0009704"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=242722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45942"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/44611/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6768"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}