CRLF injection vulnerability in Mantis 1.0.0rc3 and previous versions allows remote malicious users to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|