4 matches found
Debian DSA-3120-1 : mantis - security update
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
Debian Security Advisory DSA 3120-1 (mantis - security update)
Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code. OpenVAS Vulnerability Test $Id: deb3120.nasl 6609 2017-07-07 12:05:59Z...
CVE-2014-9388
bugreport.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handlerid parameter...
CVE-2014-9388
CVE-2014-9388 affects MantisBT prior to 1.2.18, where bug_report.php can allow remote attackers to assign arbitrary issues via the handler_id parameter. This is a behavioral flaw in the issue assignment flow, enabling potential misrouting or manipulation of issues without authentication beyond th...