CVE-2002-1113
Mantis <= 0.17.3 - Remote Code Execution via g_jpgraph_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1113. PoCs published by Joao Gouveia.
AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in Mantis to include a remote PHP file, leading to arbitrary command execution with webserver privileges. The attacker hosts a malicious PHP file and triggers its inclusion via a crafted HTTP request.
Description
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
Exploits (1)
This exploit leverages a file inclusion vulnerability in Mantis to include a remote PHP file, leading to arbitrary command execution with webserver privileges. The attacker hosts a malicious PHP file and triggers its inclusion via a crafted HTTP request.