Vulnerabilities > CVE-2004-1731 - Unspecified vulnerability in Mantis

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

mantis

nessus

exploit available

NVD

Published: 2004-08-20

Updated: 2017-07-11

Summary

signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.

Vulnerable Configurations

Part	Description	Count
Application	Mantis Mantis Mantis 0.9 Mantis Mantis 0.9.1 Mantis Mantis 0.10 Mantis Mantis 0.10.1 Mantis Mantis 0.10.2 Mantis Mantis 0.11 Mantis Mantis 0.11.1 Mantis Mantis 0.12 Mantis Mantis 0.13 Mantis Mantis 0.13.1 Mantis Mantis 0.14 Mantis Mantis 0.14.1 Mantis Mantis 0.14.2 Mantis Mantis 0.14.3 Mantis Mantis 0.14.4 Mantis Mantis 0.14.5 Mantis Mantis 0.14.6 Mantis Mantis 0.14.7 Mantis Mantis 0.14.8 Mantis Mantis 0.15 Mantis Mantis 0.15.1 Mantis Mantis 0.15.2 Mantis Mantis 0.15.3 Mantis Mantis 0.15.4 Mantis Mantis 0.15.5 Mantis Mantis 0.15.6 Mantis Mantis 0.15.7 Mantis Mantis 0.15.8 Mantis Mantis 0.15.9 Mantis Mantis 0.15.10 Mantis Mantis 0.15.11 Mantis Mantis 0.15.12 Mantis Mantis 0.16 Mantis Mantis 0.16.0 Mantis Mantis 0.16.1 Mantis Mantis 0.17 Mantis Mantis 0.17.0 Mantis Mantis 0.17.1 Mantis Mantis 0.17.2 Mantis Mantis 0.17.3 Mantis Mantis 0.17.4 Mantis Mantis 0.17.4A Mantis Mantis 0.17.5 Mantis Mantis 0.18 Mantis Mantis 0.18.0_Rc1 Mantis Mantis 0.18.0A2 Mantis Mantis 0.18.0A3 Mantis Mantis 0.18.0A4 Mantis Mantis 0.18A1 Mantis Mantis 0.19.0A	50

Exploit-Db

description	Mantis 0.x New Account Signup Mass Emailing Vulnerability. CVE-2004-1731. Webapps exploit for php platform
id	EDB-ID:24392
last seen	2016-02-02
modified	2004-08-21
published	2004-08-21
reporter	Jose Antonio
source	https://www.exploit-db.com/download/24392/
title	Mantis 0.x New Account Signup Mass Emailing Vulnerability

Nessus

NASL family	CGI abuses
NASL id	MANTIS_MULTIPLE_VULNS2.NASL
description	According to its banner, the remote version of Mantis contains multiple flaws that may allow an attacker to use it to perform a mass emailing, to inject HTML tags in the remote pages, or to execute arbitrary commands on the remote host if PHP
last seen	2020-06-01
modified	2020-06-02
plugin id	14324
published	2004-08-22
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14324
title	Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(14324); script_version("1.24"); script_cvs_date("Date: 2018/11/15 20:50:17"); script_cve_id("CVE-2004-1730", "CVE-2004-1731", "CVE-2004-1734"); script_bugtraq_id(10993, 10994, 10995); script_name(english:"Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities"); script_summary(english:"Checks for the version of Mantis"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the remote version of Mantis contains multiple flaws that may allow an attacker to use it to perform a mass emailing, to inject HTML tags in the remote pages, or to execute arbitrary commands on the remote host if PHP's 'register_globals' setting is enabled."); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=109312225727345&w=2"); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=109313416727851&w=2"); script_set_attribute(attribute:"solution", value:"Upgrade to Mantis 0.18.3 or 0.19.0a2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:W/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/22"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/20"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mantisbt:mantisbt"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("mantis_detect.nasl"); script_require_keys("installed_sw/MantisBT", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); port = get_http_port(default:80, php:TRUE); app_name = "MantisBT"; install = get_single_install(app_name: app_name, port: port, exit_if_unknown_ver:TRUE); install_url = build_url(port:port, qs:install['path']); version = install['version']; if (report_paranoia < 2) audit(AUDIT_PARANOID); if(ereg(pattern:"^0\.([0-9]\.\|1[0-7]\.\|18\.[0-2][^0-9]\|19\.0 *a[01]([^0-9]\|$))", string:version)) { if (report_verbosity > 0) { report = '\n URL : ' +install_url+ '\n Installed version : ' +version+ '\n Fixed version : 0.18.3 or 0.19.0a2\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, install_url, version);

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References