PT-2015-5033 · Mantisbt · Mantisbt

Alex

Published

2015-02-10

Updated

2021-01-12

CVE-2015-1042

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions MantisBT versions 1.2.0a3 through 1.2.18

Description The issue arises from an incorrect regular expression used in the string sanitize url function, allowing remote attackers to conduct open redirect and phishing attacks. This can be achieved by providing a URL with a :/ (colon slash) separator in the return parameter to login page.php.

Recommendations For MantisBT versions 1.2.0a3 through 1.2.18, consider updating to a version that fixes the incorrect regular expression in the string sanitize url function. As a temporary workaround, restrict access to the login page.php endpoint to minimize the risk of exploitation. Avoid using the return parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-1042

Affected Products

Mantisbt

PT-2015-5033 · Mantisbt · Mantisbt

CVE-2015-1042

Related Identifiers

Affected Products

References · 9