The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316.
References
Configurations
Configuration 1 (hide)
|
History
12 Jan 2021, 18:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha3:*:*:*:*:*:* |
Information
Published : 2015-02-10 20:59
Updated : 2023-12-10 11:31
NVD link : CVE-2015-1042
Mitre link : CVE-2015-1042
CVE.ORG link : CVE-2015-1042
JSON object : View
Products Affected
mantisbt
- mantisbt
CWE