{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.10"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.0.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.0.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.1.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.1.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.1.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.2.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "2.4.0"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "a5fe25b9e937af5486d49318c75fbd3e026bf37a"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "ac51f2a22377ec1cef40ae53048327d7ab2df33e"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "6aae5cbd3ced0df0bb165bfe67295a4ea27e58b5"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "9f117fd951fbde716077b1453e0ecba9dbdc588a"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "4d317bf6c92a2cf32644286b5f49b6c34988d973"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "67edb2ce5d720c28ebac4acf1d9d6f990c4eff99"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b77f7b5783e270066cdf10dae36f6241ac1591c3"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "5e95a5db5f445ec39868b341a73416a8f9008c35"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "a954bbdc7e53b98dcac51fcf8bc6cb41deaa0028"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "73a34c4af43358599ff62b01c1b1f23d75a0c76c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "d83c14a9cd3cdd898fd911dd904feacea7340ac6"
            }
          ],
          "repo": "https://github.com/mantisbt/mantisbt",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php. As a result, an initial \\/ substring is interpreted inconsistently, as introducing either a local pathname or a remote hostname. This leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.",
  "id": "CVE-2017-7620",
  "modified": "2026-04-01T23:09:41.590624932Z",
  "published": "2017-05-21T14:29:00.180Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038538"
    },
    {
      "type": "REPORT",
      "url": "https://mantisbt.org/bugs/view.php?id=22702"
    },
    {
      "type": "REPORT",
      "url": "https://mantisbt.org/bugs/view.php?id=22816"
    },
    {
      "type": "EVIDENCE",
      "url": "https://www.exploit-db.com/exploits/42043/"
    },
    {
      "type": "EVIDENCE",
      "url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}