CVE-2024-23830

HIGH Year: 2024
CVSS v3 Score
8.3
High
Weakness Type
CWE-74
View all →

Vulnerability Description

MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.

Related Vulnerabilities

CVE-2019-9811

HIGH
CVSS:8.3(High)

As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vu...

CWE-742019

CVE-2024-39906

HIGH
CVSS:8.3(High)

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker ca...

CWE-742024

CVE-2017-18786

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R...

CWE-742017

CVE-2017-18787

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R...

CWE-742017

CVE-2017-18792

HIGH
CVSS:8.4(High)

NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.

CWE-742017

CVE-2017-18794

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7...

CWE-742017