Total vulnerabilities in the database
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php.
| Software | From | Fixed in |
|---|---|---|
| mantis / mantis | 0.17.0 | 0.17.0.x |
| mantis / mantis | 0.17.4a | 0.17.4a.x |
| mantis / mantis | 0.17.2 | 0.17.2.x |
| mantis / mantis | 0.17.3 | 0.17.3.x |
| mantis / mantis | 0.17.1 | 0.17.1.x |
| mantis / mantis | 0.17.4 | 0.17.4.x |