Unauthenticated Bug Listing in Mantis before 0.17.4
CVE-2002-1112 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
Learn more about our Web Application Penetration Testing UK.