Rgiobbi

#44784 of 53,625
5.8 Total CVSS
Vulnerabilities · 1
PT-2014-7149
5.8
2014-12-12
Mantisbt · Mantisbt · CVE-2014-6316
**Name of the Vulnerable Software and Affected Versions**
MantisBT versions prior to 1.2.18

**Description**
The issue allows remote attackers to conduct open redirect and phishing attacks. This is due to improper categorization of URLs when running under the web root. Attackers can exploit this via a crafted URL in the `return` parameter to `login_page.php`.

**Recommendations**
For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue.