CVE-2017-7615
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
Affected products: n/a · n/a
Public PoCs found: 4
cve_reference: packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html (unverified)
cve_reference: www.exploit-db.com/exploits/41890/ (unverified)
exploitdb: www.exploit-db.com/exploits/41890 (unverified)
exploitdb: www.exploit-db.com/exploits/48818 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html
https://mantisbt.org/bugs/view.php?id=22690
https://www.exploit-db.com/exploits/41890/
http://www.openwall.com/lists/oss-security/2017/04/16/2
http://www.securityfocus.com/bid/97707