Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.
bf6d1e2f1321eacf2214a3400a3201acd1c33bb08ba4cb9b45cfa3ee93eefbeb
Gentoo Linux Security Advisory GLSA 200812-07 - Multiple vulnerabilities have been discovered in Mantis, the most severe of which leading to the remote execution of arbitrary code. Versions less than 1.1.4-r1 are affected.
3f1f1bc50386386a5b67c2ecfd59d0590df90324100507755a9560bfcc1d9016