Foolandtom

**Name of the Vulnerable Software and Affected Versions** MantisBT version 2.10.0-development before 2018-02-02 **Description** The issue allows remote attackers to discover the full path via an invalid `filter` parameter. This is related to a `filter ensure valid filter` call in `current user api.php`. The `/view all bug page.php` endpoint is affected. **Recommendations** For MantisBT version 2.10.0-development before 2018-02-02, update to a version released after 2018-02-02 to resolve the issue. As a temporary workaround, consider restricting access to the `/view all bug page.php` endpoint until a patch is available. Avoid using invalid `filter` parameters in the affected endpoint until the issue is resolved.