Unrated severityNVD Advisory· Published Oct 22, 2008· Updated Apr 23, 2026
CVE-2008-4688
CVE-2008-4688
Description
core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue's title and status via a request with a modified issue number.
Affected products
13cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:mantis:mantis:*:*:*:*:*:*:*:*range: <=1.1.3
- cpe:2.3:a:mantis:mantis:0.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.1.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- mantisbt.svn.sourceforge.net/viewvc/mantisbt/branches/BRANCH_1_1_0/mantisbt/core/string_api.phpnvd
- secunia.com/advisories/32243nvd
- secunia.com/advisories/32975nvd
- www.gentoo.org/security/en/glsa/glsa-200812-07.xmlnvd
- www.mantisbt.org/bugs/changelog_page.phpnvd
- www.mantisbt.org/bugs/view.phpnvd
- www.openwall.com/lists/oss-security/2008/10/20/1nvd
- www.securityfocus.com/bid/31868nvd
News mentions
0No linked articles in our index yet.