CVE-2014-6316

2014-12-12T11:59:00
ID CVE-2014-6316
Type cve
Reporter cve@mitre.org
Modified 2017-09-08T01:29:00

Description

core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.