← back
CVE-2017-7620

CVE-2017-7620

EPSS 1.4%
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42043/unverifiedexploitdbwww.exploit-db.com/exploits/42043unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txthttps://mantisbt.org/bugs/view.php?id=22702https://mantisbt.org/bugs/view.php?id=22816https://www.exploit-db.com/exploits/42043/http://www.securitytracker.com/id/1038538