View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008995 | mantisbt | security | public | 2008-03-22 22:01 | 2008-05-08 21:56 |
Reporter | thraxisp | Assigned To | thraxisp | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | git trunk | ||||
Target Version | 1.2.0a1 | Fixed in Version | 1.2.0a1 | ||
Summary | 0008995: CSRF Vulnerabilities in user_create | ||||
Description | Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis There is a Cross Site Requst Forgery vulnerability in the software. If a logged in user with administrator privileges clicks on the following url: a new user 'foo' with administrator privileges is created. The password of the new user is sent to foo@attacker.com. | ||||
Tags | No tags attached. | ||||