Lucene search
MitreCVELIST:CVE-2017-7620HistoryMay 21, 2017 - 2:00 p.m.
CVE-2017-7620
2017-05-2114:00:00
mitre
www.cve.org
2
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.
Related
nvd
nvd
CVE-2017-7620
2017-05-21 14:29:00
openvas
openvas
MantisBT < 1.3.11, 2.x < 2.3.3, 2.4.0 CSRF Vulnerability - Windows
2017-05-23 00:00:00
MantisBT < 1.3.11, 2.x < 2.3.3, 2.4.0 CSRF Vulnerability - Linux
2017-05-23 00:00:00
packetstorm
packetstorm
Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery
2017-05-22 00:00:00
zdt
zdt
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery Vulnerability
2017-05-21 00:00:00
exploitpack
exploitpack
Mantis Bug Tracker 1.3.102.3.0 - Cross-Site Request Forgery
2017-05-20 00:00:00
exploitdb
exploitdb
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
2017-05-20 00:00:00
cve
cve
CVE-2017-7620
2017-05-21 14:29:00
osv
osv
CVE-2017-7620
2017-05-21 14:29:00
prion
prion
Open redirect
2017-05-21 14:29:00