CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4688

core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.053

EPSS Ranking 89.6%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2008-4688

Mantis » Mantis » Version: Any

cpe:2.3:a:mantis:mantis:*
Mantis » Mantis » Version: 0.19.3

cpe:2.3:a:mantis:mantis:0.19.3
Mantis » Mantis » Version: 0.19.4

cpe:2.3:a:mantis:mantis:0.19.4
Mantis » Mantis » Version: 1.0.1

cpe:2.3:a:mantis:mantis:1.0.1
Mantis » Mantis » Version: 1.0.2

cpe:2.3:a:mantis:mantis:1.0.2
Mantis » Mantis » Version: 1.0.3

cpe:2.3:a:mantis:mantis:1.0.3
Mantis » Mantis » Version: 1.0.4

cpe:2.3:a:mantis:mantis:1.0.4
Mantis » Mantis » Version: 1.0.5

cpe:2.3:a:mantis:mantis:1.0.5
Mantis » Mantis » Version: 1.0.6

cpe:2.3:a:mantis:mantis:1.0.6
Mantis » Mantis » Version: 1.0.7

cpe:2.3:a:mantis:mantis:1.0.7
Mantis » Mantis » Version: 1.0.8

cpe:2.3:a:mantis:mantis:1.0.8
Mantis » Mantis » Version: 1.1.1

cpe:2.3:a:mantis:mantis:1.1.1
Mantis » Mantis » Version: 1.1.2

cpe:2.3:a:mantis:mantis:1.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4688

Products

Pricing

Contact Us