Candidate: CVE-2008-4687
PublicDate: 2008-10-22 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687
Description:
 manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated
 users to execute arbitrary code via a sort parameter containing PHP
 sequences, which are processed by create_function within the multi_sort
 function in core/utility_api.php.
Ubuntu-Description:
Notes:
 kees> requires a registered user.
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/mantis/+bug/481631
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_mantis:
upstream_mantis: released (1.1.4)
dapper_mantis: ignored (reached end-of-life)
gutsy_mantis: needed (reached end-of-life)
hardy_mantis: ignored (reached end-of-life)
intrepid_mantis: needed (reached end-of-life)
jaunty_mantis: not-affected (1.1.6+dfsg-2)
karmic_mantis: not-affected (1.1.6+dfsg-2)
lucid_mantis: not-affected (1.1.6+dfsg-2)
maverick_mantis: not-affected (1.1.6+dfsg-2)
natty_mantis: not-affected (1.1.6+dfsg-2)
oneiric_mantis: not-affected (1.1.6+dfsg-2)
devel_mantis: not-affected (1.1.6+dfsg-2)