CVE-2015-1042
Published: Feb 10, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://www.mantisbt.org/bugs/view.php?id=17997 (x_refsource_CONFIRM)
- 1031633 (vdb-entry, x_refsource_SECTRACK)
- [oss-security] 20150110 Re: CVE-2014-6316: URL redirection issue in MantisBT (mailing-list, x_refsource_MLIST)
- [oss-security] 20150111 Re: Re: CVE-2014-6316: URL redirection issue in MantisBT (mailing-list, x_refsource_MLIST)
- 20150128 CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ('Open Redirect') (mailing-list, x_refsource_FULLDISC)