|
Family: CGI abuses --> Category: infos
Mantis < 0.19.3 Multiple Flaws Vulnerability Scan
Vulnerability Scan Summary Checks for flaws in Mantis < 0.19.3
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple flaws.
Description :
The remote version of Mantis suffers from a remote file inclusion
vulnerability. Provided PHP's 'register_globals' setting is enabled,
A possible hacker may be able to leverage this issue to read arbitrary files
on the local host or to execute arbitrary PHP code, possibly taken
from third-party hosts.
In addition, the installed version reportedly may be prone to SQL
injection, cross-site scripting, and information disclosure attacks.
See also :
http://secunia.com/secunia_research/2005-46/advisory/
http://sourceforge.net/mailarchive/forum.php?thread_id=8517463&forum_id=7369
Solution :
Upgrade to Mantis 0.19.3 or newer.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|