Summary
The remote web server contains a PHP application that is affected by multiple flaws.
Description
The remote version of Mantis suffers from a remote file inclusion vulnerability. Provided PHP's 'register_globals' setting is enabled, an attacker may be able to leverage this issue to read arbitrary files on the local host or to execute arbitrary PHP code, possibly taken from third-party hosts.
In addition, the installed version reportedly may be prone to SQL injection, cross-site scripting, and information disclosure attacks.
Solution
Upgrade to Mantis 0.19.3 or newer.
Classification
CVE: CVE-2005-3335
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P