| VID |
210111 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Mantis program is vulnerable to a cross-site request forgery vulnerability via the manage_user_create.php script. Mantis is a freely available PHP-based bug tracking system that uses a MySQL backend database. Mantis version 1.1.1 and possibly other versions are vulnerable to a cross-site request forgery vulnerability, caused by improper validation of user-supplied input by the manage_user_create.php script. Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request, such as changing the victim's e-mail address, home address, or password, or purchasing something. If a remote attacker could trick a logged-in administrator into viewing a specially-crafted page, the attacker could send a malformed HTTP request to cause the victim to perform arbitrary tasks, such as creating additional users with administrator privileges
* References:
http://www.mantisbt.org/bugs/view.php?id=8995
http://mantisbt.svn.sourceforge.net/viewvc/mantisbt?view=rev&revision=5132
http://www.mantisbt.org/blog/?p=19
http://www.attrition.org/pipermail/vim/2008-May/001980.html
http://secunia.com/advisories/30270
* Platforms Affected:
Mantis version 1.1.1 and possibly other versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Mantis (1.2.0a1 or later), available from the Mantis Web site at http://www.mantisbt.org/download.php |
| Related URL |
CVE-2008-2276 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
42447 (ISS) |
|
