Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mantis < 0.19.1 Multiple Information Disclosure Vulnerabilities

Medium

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host appears to be running a vulnerable version of Mantis, a bug tracker web application written in PHP. It is reported that versions up to 0.19.0 are prone to multiple information disclosure vulnerabilities flaws that may allow an attacker to view stats of all projects or receive information from a project he was removed.

Solution

Upgrade to Mantis version 0.19.1 or higher.