Mantis contains a flaw that allows an arbitrary email relay. This flaw exists because the application does not validate email fields upon submission to the "signup_page.php" script. By creating a specially crafted URL with different usernames, a remote attacker can send multiple e-mails to the same e-mail address resulting in a loss of integrity.

Upgrade to version 0.19.0a2 (Alpha) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Bugtraq ID: 10995
• Secunia Advisory ID: 12338
• ISS X-Force ID: 17093
• CVE ID: 2004-1731 (see also: NVD)
• Related OSVDB ID: 9086 9087 9088 9089 9091
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0292.html
• Vendor URL: http://www.mantisbt.org/
• Other Advisory URL: http://www.securiteam.com/unixfocus/5KP0N0KDPA.html

• Joxean Koret - joxeankoretyahoo.es -