Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MantisBT 安全漏洞
Vulnerability Description
MantisBT是MantisBT团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 1.2.18之前版本中存在安全漏洞,该漏洞源于程序使用‘public_key’参数值作为CAPTCHA答案的key值。远程攻击者可利用该漏洞绕过CAPTCHA保护机制。
CVSS Information
N/A
Vulnerability Type
N/A