CVE-2017-7615 Scanner
CVE-2017-7615 scanner - Improper Access Control vulnerability in MantisBT
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 29 days 4 hours
Scan only one: URL
MantisBT is an open-source bug tracking and project management tool that is widely used by software developers to manage their projects. It comes with a web interface and supports multiple platforms such as Windows, Mac OS X, and Linux. Users can create tasks, add comments, and track progress through the interface. The tool makes it easy to collaborate and share information, and is highly customizable to suit the specific needs of each user or project.
CVE-2017-7615 is a security flaw in MantisBT through version 2.3.0. It allows an attacker to reset any user's password or gain access to administrative privileges without proper authorization. The cause is that the software accepts an empty confirm_hash value, so an attacker can exploit the bug simply by sending a request with an empty confirm_hash value to the verify.php script.
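For asset owners who want to check their own web server logs for this pattern, the following added example (not part of the scanner or of MantisBT) flags requests to verify.php whose confirm_hash parameter is present but empty. It assumes common/combined access-log format; the function name and all sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def empty_confirm_hash_hits(lines):
    """Return (ip, timestamp, status, target) for every request to
    verify.php that carries a confirm_hash parameter with an empty value."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/verify.php"):
            continue
        # keep_blank_values=True so "confirm_hash=" is kept as "" rather
        # than being silently dropped by the parser.
        params = parse_qs(url.query, keep_blank_values=True)
        values = params.get("confirm_hash")
        if values is not None and any(v == "" for v in values):
            hits.append((m["ip"], m["ts"], int(m["status"]), m["target"]))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder hash value).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Apr/2017:10:01:12 +0000] '
    '"GET /mantis/verify.php?confirm_hash= HTTP/1.1" 200 5120',
    '203.0.113.20 - - [16/Apr/2017:10:02:40 +0000] '
    '"GET /mantis/verify.php?confirm_hash=CONSTRUCTED_HASH HTTP/1.1" 200 5098',
    '203.0.113.20 - - [16/Apr/2017:10:03:05 +0000] '
    '"GET /mantis/view.php?confirm_hash= HTTP/1.1" 200 7001',
    '198.51.100.7 - - [16/Apr/2017:10:04:31 +0000] '
    '"GET /verify.php?lang=en&confirm_hash= HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, ts, status, target in empty_confirm_hash_hits(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} {target}")
```

Access logs record only the query string, so parameters sent in a request body are not covered by this check. A hit is a lead for review: follow it up by checking the affected account for an unexpected password change.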
If the CVE-2017-7615 vulnerability is exploited, an attacker can easily gain access to sensitive information or take control of the project management system. This could lead to data breach incidents and jeopardize the reputation of the project. Attackers could also use the vulnerability to launch further attacks on the organization's digital assets or steal valuable data from the system. Therefore, it is crucial to take immediate action to mitigate the risk of exploitation.
Thanks to the pro features of the s4e.io platform, readers can easily and quickly learn about vulnerabilities in their digital assets. The platform is designed to provide users with comprehensive information on existing threats and vulnerabilities, as well as offering risk assessment and mitigation services. Its cutting-edge technology ensures that users receive real-time alerts on any security incidents and vulnerabilities, enabling them to take swift action to protect their sensitive information. By leveraging the features of s4e.io, organizations can minimize the risks of security breaches and promote a culture of cybersecurity awareness.
REFERENCES
- http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
- http://packetstormsecurity.com/files/159219/Mantis-Bug-Tracker-2.3.0-Remote-Code-Execution.html
- http://www.openwall.com/lists/oss-security/2017/04/16/2
- http://www.securityfocus.com/bid/97707
- https://mantisbt.org/bugs/view.php?id=22690
- https://www.exploit-db.com/exploits/41890/