Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MantisBT 跨站请求伪造漏洞
Vulnerability Description
MantisBT是MantisBT团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.4.1之前的版本中存在跨站请求伪造漏洞,该漏洞源于string_api.php文件中缺少反斜线符号的检测。攻击者可利用该漏洞注入静态连结。
CVSS Information
N/A
Vulnerability Type
N/A