Mantis Multiple Unspecified Remote Vulnerabilities

Mantis Multiple Unspecified Remote Vulnerabilities

Mantis is prone to multiple remote vulnerabilities.

These issues arise in Mantis versions prior to 0.19.4 and 1.0.0rc4.

These issues can allow attackers to access sensitive information and carry out cross-site scripting, HTML-injection, and SQL-injection attacks, and possibly execute arbitrary PHP script code. Other attacks may be possible as well.

This BID will be updated or split into individual records as further information is disclosed.