MantisBT < 2.24.4 Multiple Vulnerabilities - Windows
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
MantisBT is prone to multiple vulnerabilities.
Insight
The following vulnerabilities exist:
- SQL injection via the 'access' parameter of the mc_project_get_users function in the SOAP API (CVE-2020-28413)
- An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnote revisions, via the bugnote_id parameter, gaining access to potentially confidential information (CVE-2020-35849)
Affected Software
MantisBT versions 2.24.3 and probably prior.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 2.24.4 or later.