Summary
This host is running MantisBT and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to inject arbitrary web script or HTML, obtain sensitive information and execute arbitrary local files.
Impact Level: Application.
Solution
Upgrade to MantisBT version 1.2.4 or later.
For updates refer to http://www.mantisbt.org/download.php
Insight
The flaws are caused by improper validation of user-supplied input passed via the 'db_type' parameter to 'admin/upgrade_unattended.php', which allows attackers to inject arbitrary web script or HTML, obtain sensitive information and execute arbitrary local files.
Affected
MantisBT versions prior to 1.2.4
Severity
Classification
CVE: CVE-2010-4348, CVE-2010-4349, CVE-2010-4350
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P