CVE-2011-3357
MantisBT < 1.2.8 - Remote File Inclusion via Action Parameter
Title source: llmDescription
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
References (19)
Core 19
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8392
Patch x_refsource_confirm
https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2308
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/04/1
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201211-01.xml
Exploit x_refsource_misc
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/04/2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45961
Patch x_refsource_confirm
https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d
Exploit, Patch x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297
Exploit, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=735514
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49448
Exploit x_refsource_confirm
http://www.mantisbt.org/bugs/view.php?id=13281
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69588
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51199
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/09/09/9
Exploit mailing-list
x_refsource_mlist
http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html
Exploit vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/519547/100/0/threaded
Scores
EPSS
0.0930
EPSS Percentile
94.7%
Details
CWE
CWE-22
Status
published
Products (27)
mantisbt/mantisbt
0.19.3
mantisbt/mantisbt
0.19.4
mantisbt/mantisbt
1.0.0
mantisbt/mantisbt
1.0.1
mantisbt/mantisbt
1.0.2
mantisbt/mantisbt
1.0.3
mantisbt/mantisbt
1.0.4
mantisbt/mantisbt
1.0.5
mantisbt/mantisbt
1.0.6
mantisbt/mantisbt
1.0.7
... and 17 more
Published
Sep 21, 2011
Tracked Since
Feb 18, 2026