Lucene search
GoogleOSV:CVE-2017-7620HistoryMay 21, 2017 - 2:29 p.m.
CVE-2017-7620
2017-05-2114:29:00
Google
osv.dev
8
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.
Related
nvd
nvd
CVE-2017-7620
2017-05-21 14:29:00
openvas
openvas
MantisBT < 1.3.11, 2.x < 2.3.3, 2.4.0 CSRF Vulnerability - Windows
2017-05-23 00:00:00
MantisBT < 1.3.11, 2.x < 2.3.3, 2.4.0 CSRF Vulnerability - Linux
2017-05-23 00:00:00
prion
prion
Open redirect
2017-05-21 14:29:00
packetstorm
packetstorm
Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery
2017-05-22 00:00:00
zdt
zdt
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery Vulnerability
2017-05-21 00:00:00
exploitpack
exploitpack
Mantis Bug Tracker 1.3.102.3.0 - Cross-Site Request Forgery
2017-05-20 00:00:00
cvelist
cvelist
CVE-2017-7620
2017-05-21 14:00:00
exploitdb
exploitdb
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
2017-05-20 00:00:00
cve
cve
CVE-2017-7620
2017-05-21 14:29:00