CVE-2008-3333

Name of the Vulnerable Software and Affected Versions Mantis versions prior to 1.1.2

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary files. This is achieved by manipulating the language parameter to the user preferences page, specifically the account prefs update.php page.

Recommendations For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the account prefs update.php page and limiting the allowed values for the language parameter until a patch is applied.