6.5

CVE-2017-7620

Exploit
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MantisbtMantisbt Version <= 1.3.10
MantisbtMantisbt Version2.0.0
MantisbtMantisbt Version2.0.1
MantisbtMantisbt Version2.1.0
MantisbtMantisbt Version2.1.1
MantisbtMantisbt Version2.1.2
MantisbtMantisbt Version2.2.0
MantisbtMantisbt Version2.2.2
MantisbtMantisbt Version2.2.3
MantisbtMantisbt Version2.2.4
MantisbtMantisbt Version2.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.681
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt
Third Party Advisory
Exploit
http://www.securitytracker.com/id/1038538
https://mantisbt.org/bugs/view.php?id=22702
Issue Tracking
https://mantisbt.org/bugs/view.php?id=22816
Issue Tracking
https://www.exploit-db.com/exploits/42043/
Third Party Advisory
Exploit