CVE-2008-4688

2008-10-22T18:00:00
ID CVE-2008-4688
Type cve
Reporter cve@mitre.org
Modified 2009-02-10T06:56:00

Description

core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.