Main Vulnerability Database Exploits ID:1205 - Exploit for Cross-site request forgery in MantisBT - CVE-2017-7620

ID:1205 - Exploit for Cross-site request forgery in MantisBT - CVE-2017-7620

Published: March 18, 2020

Vulnerability identifier: #VU6631

Vulnerability risk: Medium

CVE-ID: CVE-2017-7620

CWE-ID: CWE-352

Exploitation vector: Remote access

Vulnerable software:
MantisBT

Link to public exploit:

https://www.exploit-db.com/exploits/42043/

Vulnerability description

The vulnerability allows a remote attacker to perform CSRF attacks.

The vulnerability exists due to improper validation of the HTTP request origin in 'string_api.php'. A remote attacker can create a specially specially crafted web page, trick the authenticated victim into visiting it and inject arbitrary permalinks into the mantisbt Web Interface.

Successful exploitation of the vulnerability may result in cross-site request forgery conducting.

Remediation

Update to version 1.3.11, 2.3.3, 2.4.1.

ID:1205 - Exploit for Cross-site request forgery in MantisBT - CVE-2017-7620

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human