Showing 1 - 1 of 1

CVE-2008-2276

Status Candidate

Overview

Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link.

Related Files

Gentoo Linux Security Advisory 200809-10: Posted Sep 22, 2008; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200809-10 - Multiple vulnerabilities have been reported in Mantis. Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a Cross-Site Scripting vulnerability in return_dynamic_filters.php (CVE-2008-3331), and an insufficient input validation in adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability in core/lang_api.php (CVE-2008-3333) has also been reported. Versions less than 1.1.2 are affected.; tags | advisory, php, vulnerability, xss, csrf; systems | linux, gentoo; advisories | CVE-2008-2276, CVE-2008-3331, CVE-2008-3332, CVE-2008-3333; SHA-256 | eafe452544fafec966e8519b25d1673da524d85f9967628e4b68d7a056195f74; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2008-2276

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems