4 matches found
Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...
CVE-2017-7620
MantisBT (versions before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1) omits a backslash check in string_api.php, causing conflicting interpretation of an initial / substring as either a local path or a remote hostname. This enables: (1) arbitrary Permalink Injection via CSRF on permalink_pa...
Mantis Bug Tracker 1.3.102.3.0 - Cross-Site Request Forgery
Mantis Bug Tracker 1.3.102.3.0 - Cross-Site Request Forgery + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org...
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...