Description
MantisBT version 1.2.18 (and older versions) are affected by multiple security issues. All installations that are currently running any 1.2.x version are strongly advised to upgrade to MantisBT 1.2.19.
This release resolves 5 security issues:
- #17938/CVE-2014-9571: XSS in install.php
- #17939/CVE-2014-9572: Improper Access Control in install.php
- #17940/CVE-2014-9573: SQL Injection in manage_user_page.php
- #17984/CVE-2014-9624: CAPTCHA bypass
- #17997/CVE-2015-1042: URL redirection issue
Remediation
Upgrade to the latest version of MantisBT (these issues were fixed in version 1.2.19).
References
Related Vulnerabilities
WordPress Plugin Simple File Downloader Cross-Site Scripting (1.0.4)
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)
WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20151)