7.1 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.2%
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).