CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 2CVE-2017-7620 – Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-7620
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. MantisBT antes de v1.3.11, 2.x antes de v2.3.3 y 2.4.x antes de v2.4.1 omite una verificación de barra invertida en string_api.php y, en consecuencia, tiene interpretaciones conflictivas de una subcadena inicial \/ como introducción de una ruta de acceso local o un host remoto, que conduce a (1) una inyección arbitraria de HTTP a través de ataques CSRF en un URI permalink_page.php?url= y (2) una redirección abierta a través de un URI login_page.php? • https://www.exploit-db.com/exploits/42043 http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt http://www.securitytracker.com/id/1038538 https://mantisbt.org/bugs/view.php?id=22702 https://mantisbt.org/bugs/view.php?id=22816 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2017-7897
https://notcve.org/view.php?id=CVE-2017-7897
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. Una vulnerabilidad XSS en el MantisBT (2.3.x en versiones anteriores a 2.3.2) Timeline incluye página, utilizada en My View (my_view_page.php) y páginas User Information (view_user_page.php), permite a atacantes remotos inyectar código arbitrario (si los ajustes CSP lo permiten) a través de PATH_INFO manipulado en una URL, debido al uso de $_SERVER['PHP_SELF'] no desinfectado para generar URLs. • http://www.mantisbt.org/bugs/view.php?id=22742 http://www.securitytracker.com/id/1038278 https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1 https://github.com/mantisbt/mantisbt/pull/1094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 97%CPEs: 1EXPL: 4CVE-2017-7615 – Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. MantisBT hasta la versión 2.3.0 permite reinicio de contraseña arbitrario y acceso de administrador no autenticado a través de un valor confirm_hash vacío para verify.php Mantis Bug Tracker versions 1.3.0 and 2.3.0 suffer from a pre-authentication remote password reset vulnerability. • https://www.exploit-db.com/exploits/48818 https://www.exploit-db.com/exploits/41890 http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2017/04/16/2 http://www.securityfocus.com/bid/97707 https://mantisbt.org/bugs/view.php?id=22690 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 4.8EPSS: 0%CPEs: 23EXPL: 1CVE-2017-6973
https://notcve.org/view.php?id=CVE-2017-6973
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2. Una vulnerabilidad XSS en la página Informe de configuración de MantisBT (adm_config_report.php) permite a atacantes remotos inyectar código arbitrario a través de un parámetro 'acción' creado. Esto se fija en 1.3.8, 2.1.2 y 2.2.2. • http://openwall.com/lists/oss-security/2017/03/30/4 http://www.mantisbt.org/bugs/view.php?id=22537 http://www.securityfocus.com/bid/97252 http://www.securitytracker.com/id/1038169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 35EXPL: 1CVE-2017-7241
https://notcve.org/view.php?id=CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page. Una vulnerabilidad XSS en la página MantisBT Move Attachments (move_attachments_page.php, parte de las herramientas de administración) permite a atacantes remotos inyectar código arbitrario mediante un parámetro 'type' manipulado si la configuración de CSP lo permite. • http://openwall.com/lists/oss-security/2017/03/30/4 http://www.mantisbt.org/bugs/view.php?id=22568 http://www.securityfocus.com/bid/97253 http://www.securitytracker.com/id/1038169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •