5 matches found
GLSA-200812-07 : Mantis: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200812-07 Mantis: Multiple vulnerabilities Multiple issues have been reported in Mantis: EgiX reported that manageprojpage.php does not correctly sanitize the sort parameter before passing it to createfunction in core/utilityapi.p...
CVE-2008-4688
core/stringapi.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number...
Immunity Canvas: MANTIS113
Name| mantis113 ---|--- CVE| CVE-2008-4688 Exploit Pack| CANVAS Description| Mantis BugTracker = 1.1.3 Remote Code Execution Notes| CVE Name: CVE-2008-4688 VENDOR: Mantis Repeatability: Infinite CVE Url: https://vulners.com/cve/CVE-2008-4688 References: 'None' CVSS: 5.0...
CVE-2008-4688
core/stringapi.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number...
CVE-2008-4688
Vulnerability summary (CVE-2008-4688) : Mantis before 1.1.3 does not verify viewer privileges when building a link that includes issue data in the source anchor, allowing remote attackers to discover an issue’s title and status by tampering the issue number. This is documented across multiple sou...