Summary
MantisBT is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability.
Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
MantisBT 1.2.6 is vulnerable
other versions may also be affected.
References
Severity
Classification
-
CVE CVE-2011-2938 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts Cross Site Scripting Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability