Mantis < 0.19.1 Multiple Information Disclosure Vulnerabilities
Medium Nessus Network Monitor Plugin ID 2394
SynopsisThe remote host may give an attacker information useful for future attacks.
DescriptionThe remote host appears to be running a vulnerable version of Mantis, a bug tracker web application written in PHP. It is reported that versions up to 0.19.0 are prone to multiple information disclosure vulnerabilities flaws that may allow an attacker to view stats of all projects or receive information from a project he was removed.
SolutionUpgrade to Mantis version 0.19.1 or higher.