1. Home
  2. CVEs with refmap.mlist==[oss-security] 20081020 Re: CVE request: mantisbt < 1.1.4: RCE
Max CVSS 7.5 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2008-4689 7.5
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.
08-08-2017 - 01:32 22-10-2008 - 18:00
CVE-2008-4688 5.0
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified i
10-02-2009 - 06:56 22-10-2008 - 18:00
Back to Top Mark selected
Back to Top