Remote Database Connection Vulnerability in Mantis 0.19.0a1 through 1.0.0a3

Remote Database Connection Vulnerability in Mantis 0.19.0a1 through 1.0.0a3

CVE-2005-2556 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.

Learn more about our Api Penetration Testing.