cbcvebase.
CVE-2017-7620
published 2017-05-21

CVE-2017-7620: MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of…

PriorityP335medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
EXPLOIT
EPSS
1.36%
68.2th percentile
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.

Affected

14 ranges
VendorProductVersion rangeFixed in
mantisbtmantisbt<= 1.3.10
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt
mantisbtmantisbt>= 0 < 1.3.111.3.11
mantisbtmantisbt>= 2.0.0 < 2.3.32.3.3
mantisbtmantisbt>= 2.4.0 < 2.4.12.4.1

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.