#VU45492 Information disclosure in MantisBT - CVE-2010-4349
Vulnerability identifier: #VU45492
Vulnerability risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2010-4349
CWE-ID:
CWE-200
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
MantisBT
Web applications /
Other software
Vendor: mantisbt.sourceforge.net
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
Mitigation
Install update from vendor's website.
Vulnerable software versions
MantisBT: 0.18.0 - 1.2.2
External links
https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
https://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
https://openwall.com/lists/oss-security/2010/12/15/4
https://openwall.com/lists/oss-security/2010/12/16/1
https://secunia.com/advisories/42772
https://secunia.com/advisories/51199
https://security.gentoo.org/glsa/glsa-201211-01.xml
https://www.mantisbt.org/blog/?p=123
https://www.mantisbt.org/bugs/changelog_page.php?version_id=112
https://www.mantisbt.org/bugs/view.php?id=12607
https://www.vupen.com/english/advisories/2011/0002
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php
https://bugzilla.redhat.com/show_bug.cgi?id=663230
https://exchange.xforce.ibmcloud.com/vulnerabilities/64463
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
