• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mantis Unauthorized Bug Viewing Vulnerability

Mantis is a web-based bug tracking system. It is written in PHP and back-ended by a MySQL database.

A number of scripts used to view bug data do not check user permissions. Users may directly call these scripts, and specify arbitrary bug IDs through CGI parameters. Details of these bugs will then be displayed to the user.