Detections
Analytics

Mantis < 0.19.1 Multiple Vulnerabilities

medium Nessus Plugin ID 15651

Language:

Synopsis

The remote web server contains a PHP application that is prone to multiple vulnerabilities.

Description

According to its banner, the remote version of Mantis suffers from several information disclosure vulnerabilities that could allow an attacker to view stats of all projects or to receive information for a project after the malicious user was removed from it.

Solution

Upgrade to Mantis 0.19.1 or newer.

See Also

http://bugs.mantisbt.org/view.php?id=3117

http://bugs.mantisbt.org/view.php?id=4341

Plugin Details

Severity: Medium

ID: 15651

File Name: mantis_multiple_vulns3.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 11/9/2004

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: Settings/ParanoidReport, installed_sw/MantisBT

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 11622