This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200809-10
(Mantis: Multiple vulnerabilities)
Antonio Parata and Francesco Ongaro reported a Cross-Site Request
Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a
Cross-Site Scripting vulnerability in return_dynamic_filters.php
(CVE-2008-3331), and an insufficient input validation in
adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability
in core/lang_api.php (CVE-2008-3333) has also been reported.
A remote attacker could exploit these vulnerabilities to execute
arbitrary HTML and script code, create arbitrary users with
administrative privileges, execute arbitrary PHP commands, and include
There is no known workaround at this time.
See also :
All Mantis users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/mantisbt-1.1.2'
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true