Main Vulnerability Database Exploits ID:4307 - Exploit for Information disclosure in MantisBT - CVE-2010-4349

ID:4307 - Exploit for Information disclosure in MantisBT - CVE-2010-4349

Published: August 11, 2020

Vulnerability identifier: #VU45492

Vulnerability risk: Medium

CVE-ID: CVE-2010-4349

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
MantisBT

Link to public exploit:

https://www.exploit-db.com/exploits/15735/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

Remediation

Install update from vendor's website.

ID:4307 - Exploit for Information disclosure in MantisBT - CVE-2010-4349

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human