0008995: CSRF Vulnerabilities in user_create - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0008995	mantisbt	security	public	2008-03-22 22:01	2008-05-08 21:56

Reporter	thraxisp	Assigned To	thraxisp
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	git trunk
Target Version	1.2.0a1	Fixed in Version	1.2.0a1

Summary	0008995: CSRF Vulnerabilities in user_create
Description	Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis Systems Affected Mantis 1.1.1 and possibly earlier versions Severity Impact (CVSSv2) (, vector: ) Vendor http://www.mantisbt.org/ Advisory Authors Antonio "s4tan" Parata (s4tan AT ush DOT it) Francesco "ascii" Ongaro (ascii AT ush DOT it) B) CSRF Vulnerabilities There is a Cross Site Requst Forgery vulnerability in the software. If a logged in user with administrator privileges clicks on the following url: http://www.example.com/mantis/manage_user_create.php?username=foo&realname=aa&password=aa&password_verify=aa&email=foo@attacker.com&access_level=90&protected=0&enabled=1 a new user 'foo' with administrator privileges is created. The password of the new user is sent to foo@attacker.com.
Tags	No tags attached.

thraxisp 2008-03-22 22:09 reporter ~0017439	submitted to SVN r5132 Action pages are now qualified by checking for a POST command.