CVE-2015-1042

Name of the Vulnerable Software and Affected Versions MantisBT versions 1.2.0a3 through 1.2.18

Description The issue arises from an incorrect regular expression used in the string sanitize url function, allowing remote attackers to conduct open redirect and phishing attacks. This can be achieved by providing a URL with a :/ (colon slash) separator in the return parameter to login page.php.

Recommendations For MantisBT versions 1.2.0a3 through 1.2.18, consider updating to a version that fixes the incorrect regular expression in the string sanitize url function. As a temporary workaround, restrict access to the login page.php endpoint to minimize the risk of exploitation. Avoid using the return parameter in the affected endpoint until the issue is resolved.