Mantis manage_user_create.php CSRF New User Creation

Severity: Medium | Nessus Plugin ID 32324

Synopsis

The remote web server contains a PHP application that is affected by multiple cross-site request forgery vulnerabilities.

Description

The version of Mantis Bug Tracker installed on the remote host does not verify the validity of HTTP requests before performing various administrative actions. If a remote attacker can trick a logged-in administrator into viewing a specially crafted page, the vulnerability could be leveraged to launch cross-site request forgery attacks against the affected application, such as creating additional users with administrator privileges.

Note that the application is also reportedly affected by other issues, including one that allows remote code execution provided an attacker has administrator privileges, although Nessus did not explicitly test for them.

Solution

Upgrade to Mantis 1.2.0a1 or later.

See Also

https://mantisbt.org/bugs/view.php?id=8995

http://www.attrition.org/pipermail/vim/2008-May/001980.html

http://www.nessus.org/u?c5db0035

https://mantisbt.org/blog/archives/mantisbt/19

Plugin Details

Severity: Medium

ID: 32324

File Name: mantis_csrf.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 5/15/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: installed_sw/MantisBT

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-2276

CWE: 352

SECUNIA: 30270