Family: CGI abuses --> Category: infos
Mantis < 0.19.3 Multiple Flaws Vulnerability Scan
Vulnerability Scan Summary
Checks for flaws in Mantis < 0.19.3
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by
The remote version of Mantis suffers from a remote file inclusion
vulnerability. Provided PHP's 'register_globals' setting is enabled,
A possible hacker may be able to leverage this issue to read arbitrary files
on the local host or to execute arbitrary PHP code, possibly taken
from third-party hosts.
In addition, the installed version reportedly may be prone to SQL
injection, cross-site scripting, and information disclosure attacks.
See also :
Upgrade to Mantis 0.19.3 or newer.
Medium / CVSS Base Score : 6
Click HERE for more information and discussions on this network vulnerability scan.