CVE-2004-1734

Name of the Vulnerable Software and Affected Versions Mantis version 0.19.0a

Description The issue allows remote attackers to execute arbitrary PHP code by modifying specific parameters in API endpoints. The t core path parameter to bug api.php and the t core dir parameter to relationship api.php can be modified to reference a URL on a remote web server that contains the code.

Recommendations For Mantis version 0.19.0a, as a temporary workaround, consider restricting access to the bug api.php and relationship api.php endpoints until a patch is available. Avoid using the t core path and t core dir parameters in these endpoints to minimize the risk of exploitation.