Описание
core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
Ссылки
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Vendor Advisory
Уязвимые конфигурации
EPSS
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
core/string_api.php in MantisBT before 1.2.18 does not properly catego ...
core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
EPSS
5.8 Medium
CVSS2