CVE-2008-4687

Mantis <= 1.1.3 - Code Injection (manage_proj_page.php sort parameter)

Title source: rule

Description

manage_proj_page.php in Mantis before 1.1.4 (that is, 1.1.3 and earlier) allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences. The parameter value is interpolated into a string of PHP source that is passed to create_function() within the multi_sort() function in core/utility_api.php, so PHP code embedded in the value is compiled and executed with the privileges of the web server process. An account on the target is required; Mantis 1.1.4 and later address the issue.
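
The following PHP is an added example, not MantisBT's own code: a simplified reconstruction of the create_function() pattern the description attributes to multi_sort() in core/utility_api.php, placed beside a hardened rewrite that never turns request data into code. The function names with _vulnerable/_safe suffixes, the ASCENDING/DESCENDING constants, the allow-list of column names and the sample project rows are all assumptions made for this illustration. The vulnerable function is defined but not called, because create_function() was deprecated in PHP 7.2 and removed in PHP 8.0.

```php
<?php
// Added example, not MantisBT's own code. A simplified reconstruction of the
// create_function() pattern the description attributes to multi_sort() in
// core/utility_api.php, beside a hardened rewrite. Function names, constants
// and the sample rows are assumptions made for this illustration.

const ASCENDING  = 1;
const DESCENDING = 2;

// Vulnerable pattern (illustration only). $p_key comes straight from the
// request's sort parameter and is interpolated into PHP source text that
// create_function() compiles with eval(). A single quote in the key closes the
// array-index literal, and whatever follows it in the key is compiled as PHP.
// create_function() was deprecated in PHP 7.2 and removed in PHP 8.0, so this
// function is defined here but never called.
function multi_sort_vulnerable( array $p_array, $p_key, $p_direction = ASCENDING ) {
    $t_factor = ( $p_direction == DESCENDING ) ? -1 : 1;
    $t_function = create_function(
        '$a, $b',
        "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );"
    );
    usort( $p_array, $t_function );
    return $p_array;
}

// Hardened rewrite. The key is checked against an allow-list of real column
// names and then used only as an array index inside a closure, so no request
// data is ever turned into code. $p_allowed_keys is an assumed list.
function multi_sort_safe( array $p_array, $p_key, $p_direction = ASCENDING,
                          array $p_allowed_keys = array( 'name', 'status', 'view_state' ) ) {
    if ( !is_string( $p_key ) || !in_array( $p_key, $p_allowed_keys, true ) ) {
        throw new InvalidArgumentException( 'Invalid sort key' );
    }
    $t_factor = ( $p_direction == DESCENDING ) ? -1 : 1;
    usort( $p_array, function ( $a, $b ) use ( $p_key, $t_factor ) {
        return $t_factor * strnatcasecmp( (string) $a[$p_key], (string) $b[$p_key] );
    } );
    return $p_array;
}

// Constructed sample rows standing in for project records.
$t_projects = array(
    array( 'name' => 'beta',  'status' => 10 ),
    array( 'name' => 'Alpha', 'status' => 50 ),
    array( 'name' => 'gamma', 'status' => 30 ),
);

// Legitimate request: sorts by name, case-insensitively (Alpha, beta, gamma).
foreach ( multi_sort_safe( $t_projects, 'name' ) as $t_row ) {
    echo $t_row['name'], "\n";
}

// Descending sort on status; natural-order comparison handles the numbers (50, 30, 10).
foreach ( multi_sort_safe( $t_projects, 'status', DESCENDING ) as $t_row ) {
    echo $t_row['status'], "\n";
}

// A constructed key of the kind the description refers to: it contains a quote
// and trailing PHP, so the allow-list rejects it before any code is built.
try {
    multi_sort_safe( $t_projects, "name']); phpinfo(); //" );
} catch ( InvalidArgumentException $e ) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The allow-list is the important part: escaping the quote would only narrow the injection, whereas restricting the key to known column names and using it purely as an array index removes the code-generation step entirely. The same applies to any remaining create_function() or eval() call that sees request data; on PHP 8 such code fails with an undefined-function error at call time, which is a useful signal when auditing an old codebase.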

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby, remote, php
https://www.exploit-db.com/exploits/44611
exploitdb WORKING POC VERIFIED
by EgiX · text, webapps, php
https://www.exploit-db.com/exploits/6768
nomisec WORKING POC 3 stars
by nmurilo · poc
https://github.com/nmurilo/CVE-2008-4687-exploit
nomisec WORKING POC
by twisted007 · poc
https://github.com/twisted007/mantis_rce
metasploit WORKING POC EXCELLENT
by EgiX, Lars Sorenson · ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mantisbt_manage_proj_page_rce.rb

Scores

EPSS 0.7923
EPSS Percentile 99.1%

Details

CWE
CWE-94
Status published
Products (13)
mantis/mantis 0.19.3
mantis/mantis 0.19.4
mantis/mantis 1.0.1
mantis/mantis 1.0.2
mantis/mantis 1.0.3
mantis/mantis 1.0.4
mantis/mantis 1.0.5
mantis/mantis 1.0.6
mantis/mantis 1.0.7
mantis/mantis 1.0.8
... and 3 more
Published Oct 22, 2008
Tracked Since Feb 18, 2026