CVE-2014-6316

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.2.18

Description The issue allows remote attackers to conduct open redirect and phishing attacks. This is due to improper categorization of URLs when running under the web root. Attackers can exploit this via a crafted URL in the return parameter to "login page.php".

Recommendations For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue.