Gjoko

**Name of the Vulnerable Software and Affected Versions** Linear eMerge 50P/5000P devices (affected versions not specified) **Description** The issue allows Cookie Path Traversal, which may lead to unauthorized access or data manipulation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linear eMerge 50P/5000P devices (affected versions not specified) **Description** The issue allows for Cross-Site Request Forgery (CSRF), which is a type of attack that tricks a user into performing unintended actions on a web application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.4 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `db type` parameter in the admin/upgrade unattended.php file. This is related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/upgrade unattended.php file to minimize the risk of exploitation. Avoid using the `db type` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.4 **Description** The issue allows remote attackers to obtain sensitive information via an invalid `db type` parameter. This is related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP, which reveals the installation path in an error message. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `admin/upgrade unattended.php` endpoint until a patch is available. Avoid using invalid `db type` parameters in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions prior to 1.2.4 **Description** The issue is related to a directory traversal vulnerability. It allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `db type` parameter. This is due to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `admin/upgrade unattended.php` file to minimize the risk of exploitation. Avoid using the `db type` parameter in the affected endpoint until the issue is resolved.