{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Mantis version 0.19.2 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Mantis version 1.0.0rc2 et versions ant\u00e9rieures.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le logiciel de remont\u00e9e\nd'erreur Mantis. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es \u00e0 distance\npar un utilisateur mal-intentionn\u00e9.\n\nL'exploitation de ces vuln\u00e9rabilit\u00e9s peut conduire \u00e0 la d\u00e9pose de\nfichiers arbitraires \u00e0 distance, et/ou \u00e0 l'ex\u00e9cution de code SQL\narbitraire \u00e0 distance.\n\n## Solution\n\nUtiliser Mantis version 0.19.3:\n\n    http://sourceforge.net/project/shownotes.php?release_id=362673\n","cves":[],"links":[],"reference":"CERTA-2005-AVI-425","revisions":[{"description":"version initiale.","revision_date":"2005-10-31T00:00:00.000000"}],"risks":[{"description":"Acc\u00e8s illicite au syst\u00e8me \u00e0 distance"},{"description":"Injection de donn\u00e9es SQL"}],"summary":null,"title":"Multiples vuln\u00e9rabilit\u00e9 dans Mantis","vendor_advisories":[{"published_at":null,"title":"Bulletin de mise \u00e0 jour de Mantis","url":"http://sourceforge.net/project/shownotes.php?release_id=362673"}]}