CVE-2010-4350 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350):
Directory traversal vulnerability in admin/upgrade_unattended.php in
MantisBT before 1.2.4 allows remote attackers to include and execute
arbitrary local files via a .. (dot dot) in the db_type parameter, related
to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
CVE-2010-4349 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349):
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote
attackers to obtain sensitive information via an invalid db_type parameter,
which reveals the installation path in an error message, related to an
unsafe call by MantisBT to a function in the ADOdb Library for PHP.
CVE-2010-4348 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348):
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in
MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script
or HTML via the db_type parameter, related to an unsafe call by MantisBT to
a function in the ADOdb Library for PHP.
CVE-2010-4350 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2010- 4350): unattended. php in
Directory traversal vulnerability in admin/upgrade_
MantisBT before 1.2.4 allows remote attackers to include and execute
arbitrary local files via a .. (dot dot) in the db_type parameter, related
to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
CVE-2010-4349 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2010- 4349): upgrade_ unattended. php in MantisBT before 1.2.4 allows remote
admin/
attackers to obtain sensitive information via an invalid db_type parameter,
which reveals the installation path in an error message, related to an
unsafe call by MantisBT to a function in the ADOdb Library for PHP.
CVE-2010-4348 (http:// nvd.nist. gov/nvd. cfm?cvename= CVE-2010- 4348): unattended. php in
Cross-site scripting (XSS) vulnerability in admin/upgrade_
MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script
or HTML via the db_type parameter, related to an unsafe call by MantisBT to
a function in the ADOdb Library for PHP.