First published: Fri Feb 02 2018
view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call in current_user_api.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mantisbt Mantisbt | <=2.10.0 | |
CVE-2018-6526 is a vulnerability in MantisBT 2.10.0-development that allows remote attackers to discover the full path via an invalid filter parameter.
This vulnerability can be exploited by sending a specially crafted request with an invalid filter parameter to view_all_bug_page.php in MantisBT 2.10.0-development.
CVE-2018-6526 has a severity rating of 5.3 (medium).
To fix CVE-2018-6526, upgrade to a version of MantisBT that is later than 2.10.0-development.
You can find more information about CVE-2018-6526 at the following references:

[1] http://www.securityfocus.com/bid/103065

[2] https://github.com/mantisbt/mantisbt/commit/de686a9e6d8c909485b87ca09c8f912bf83082f2

[3] https://mantisbt.org/bugs/view.php?id=23921