CVE-2017-7615 Scanner
Detects the 'Improper Access Control' vulnerability in MantisBT, which affects versions through 2.3.0.
Short Info
Level: High
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: Url
Parent Category
CVE-2017-7615 Scanner Detail
MantisBT is software used for bug tracking and project management. It is an open-source tool that is widely used by software developers to manage their projects. The software comes with a web interface and supports multiple platforms such as Windows, Mac OS X, and Linux. Users can create tasks, add comments, and track progress using the software's interface. The tool allows users to easily collaborate and share information, and is highly customizable to suit the specific needs of each user or project.
The CVE-2017-7615 vulnerability is a security flaw in MantisBT through version 2.3.0. The vulnerability allows an attacker to reset any user's password or gain access to administrative privileges without proper authorization. This vulnerability is due to the software accepting an empty confirm_hash value. This means that an attacker can exploit the bug by simply sending a request with an empty confirm_hash value to the verify.php script.
If the CVE-2017-7615 vulnerability is exploited, an attacker can easily gain access to sensitive information or take control of the project management system. This could lead to data breach incidents and jeopardize the reputation of the project. Attackers could also use the vulnerability to launch further attacks on the organization's digital assets or steal valuable data from the system. Therefore, it is crucial to take immediate action to mitigate the risk of exploitation.
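Asset owners can check web server access logs for the request pattern described above: a call to verify.php carrying a confirm_hash parameter with no value. The following is an added example, not code from the original page or from the scanner; it assumes common/combined log format, and the paths, IP addresses, timestamps and token in the sample lines are constructed. It only sees parameters carried in the URL, so values sent in a request body are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def empty_confirm_hash_hits(lines):
    """Return (client, timestamp, status) for each logged request to
    verify.php whose confirm_hash parameter is present but empty."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        # Case-insensitive match: some hosts serve paths case-insensitively.
        if not url.path.lower().endswith("/verify.php"):
            continue
        # keep_blank_values=True is essential: by default parse_qs drops
        # empty parameters, which is exactly the case being looked for.
        params = parse_qs(url.query, keep_blank_values=True)
        if "" in params.get("confirm_hash", []):
            hits.append((m["client"], m["ts"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges, made-up token).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Apr/2017:10:01:02 +0000] "GET /mantis/verify.php?confirm_hash= HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Apr/2017:10:03:44 +0000] "GET /mantis/verify.php?confirm_hash=EXAMPLETOKEN123 HTTP/1.1" 200 5098',
    '203.0.113.9 - - [16/Apr/2017:10:04:10 +0000] "GET /mantis/login_page.php HTTP/1.1" 200 3301',
    '198.51.100.7 - - [16/Apr/2017:10:05:30 +0000] "GET /mantis/VERIFY.PHP?confirm_hash= HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for client, ts, status in empty_confirm_hash_hits(SAMPLE_LOG):
        print(f"{ts} {client} empty confirm_hash on verify.php (HTTP {status})")
```

Any hit on an installation running MantisBT 2.3.0 or earlier is a reason to review which account passwords changed around that timestamp.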