View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0027101||mantisbt||security||public||2020-07-22 09:45||2020-08-15 10:44|
|Status||closed||Resolution||no change required|
|Summary||0027101: mantisbt<=1.1.6 Arbitrary file reading vulnerability exists|
I found an arbitrary file reading vulnerability with mantisbt<=1.1.6. I want to show you how to exploit the vulnerability, and then you can apply for a CVE number for me. Is this okay?
|Steps To Reproduce|
If successful, this is my first CVE number. I hope you guys will help me. Thank you.
|Tags||No tags attached.|
Thanks for your report. Unfortunately, Mantis 1.1 and 1.2 are obsolete and no longer supported.
If the vulnerability you discovered can still be reproduced in current releases (1.3.20 or 2.24.0), we would gladly consider fixing it. In that case, please post details including detailed steps to reproduce.
When trying, use the latest 2.24.1, as there are attachment-related security fixes in it; see 0026631 and related ones.
@Nolan, you have not responded to my previous note. If you can't confirm that the issue you reported can be reproduced in the current release, I'll close this as "no change required".
Solved it, thank you
|2020-07-22 09:45||Nolan||New Issue|
|2020-07-22 10:04||dregad||Status||new => feedback|
|2020-07-22 10:04||dregad||Note Added: 0064174|
|2020-07-22 10:04||dregad||Category||db mysql => security|
|2020-07-22 17:05||atrol||Note Added: 0064178|
|2020-07-22 17:05||atrol||Note Edited: 0064178|
|2020-08-01 10:07||dregad||Note Added: 0064215|
|2020-08-02 10:34||Nolan||Issue cloned: 0027120|
|2020-08-03 09:43||Nolan||Issue cloned: 0027121|
|2020-08-04 00:33||Nolan||Note Added: 0064224|
|2020-08-04 00:33||Nolan||Status||feedback => new|
|2020-08-04 04:07||atrol||Assigned To||=> atrol|
|2020-08-04 04:07||atrol||Status||new => resolved|
|2020-08-04 04:07||atrol||Resolution||open => no change required|
|2020-08-04 04:14||dregad||View Status||private => public|
|2020-08-15 10:44||atrol||Status||resolved => closed|