Unauthenticated Bug Listing in Mantis before 0.17.4

CVE-2002-1112 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
