diff -ur mantis-0.19.2/core/database_api.php mantis-0.19.2.patched/core/database_api.php
--- mantis-0.19.2/core/database_api.php	2004-12-09 13:55:06.000000000 -0500
+++ mantis-0.19.2.patched/core/database_api.php	2005-09-14 07:12:11.000000000 -0400
@@ -9,6 +9,13 @@
 	# $Id: 0.19.2-debian.patch,v 1.1 2005/09/14 11:21:19 rl03 Exp $
 	# --------------------------------------------------------
 
+	#
+	# Patch for #0005956: Database system scanner via variable poisoning
+	#
+	
+	if (isset($_REQUEST["g_db_type"]))
+		die("");
+
 	### Database ###
 
 	# This is the general interface for all database calls.
diff -ur mantis-0.19.2/core/filter_api.php mantis-0.19.2.patched/core/filter_api.php
--- mantis-0.19.2/core/filter_api.php	2004-11-19 08:06:30.000000000 -0500
+++ mantis-0.19.2.patched/core/filter_api.php	2005-09-14 07:13:54.000000000 -0400
@@ -753,7 +753,7 @@
 ?> 
 
 		<br />
-		<form method="post" name="filters" action="<?php PRINT $t_action; ?>">
+		<form method="post" name="filters" action="<?php PRINT htmlentities($t_action); ?>">
 		<input type="hidden" name="type" value="5" />
 		<?php
 			if ( $p_for_screen == false ) {
@@ -761,10 +761,10 @@
 				PRINT '<input type="hidden" name="offset" value="0" />';
 			}
 		?>
-		<input type="hidden" name="sort" value="<?php PRINT $t_sort ?>" />
-		<input type="hidden" name="dir" value="<?php PRINT $t_dir ?>" />
-		<input type="hidden" name="page_number" value="<?php PRINT $p_page_number ?>" />
-		<input type="hidden" name="view_type" value="<?php PRINT $t_view_type ?>" />
+		<input type="hidden" name="sort" value="<?php PRINT htmlentities($t_sort) ?>" />
+		<input type="hidden" name="dir" value="<?php PRINT htmlentities($t_dir) ?>" />
+		<input type="hidden" name="page_number" value="<?php PRINT htmlentities($p_page_number) ?>" />
+		<input type="hidden" name="view_type" value="<?php PRINT htmlentities($t_view_type) ?>" />
 		<table class="width100" cellspacing="1">
 		
 		<?php
diff -ur mantis-0.19.2/login_page.php mantis-0.19.2.patched/login_page.php
--- mantis-0.19.2/login_page.php	2004-08-14 11:26:20.000000000 -0400
+++ mantis-0.19.2.patched/login_page.php	2005-09-14 07:11:16.000000000 -0400
@@ -138,14 +138,13 @@
 			echo '</div>';
 		}
 	}
-
-	# Check if the admin directory is available and is readable.
-	$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
-	if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
-			echo '<div class="warning" align="center">', "\n";
-			echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n";
-			echo '</div>', "\n";
-	}
+#      # Check if the admin directory is available and is readable.
+#      $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
+#      if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
+#                      echo '<div class="warning" align="center">', "\n";
+#                      echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n";
+#                      echo '</div>', "\n";
+#      }
 ?>
 
 <!-- Autofocus JS -->
