CVE-2004-1734

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.

Affected (1)

Products: Mantis: Mantis

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mantis Mantis	Version 0.19.0a

References (6)

http://marc.info/?l=bugtraq&m=109313416727851&w=2

Source: cve@mitre.org

http://www.securityfocus.com/bid/10993

Source: cve@mitre.org

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/17065

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=109313416727851&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/10993

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/17065

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.