CVE-2024-34077 | MantisBT up to 2.26.1 Password Reset account_update.php authentication bypass

Inserito da Angelo Barbosa | Mag 13, 2024 | CVE

A vulnerability was found in MantisBT up to 2.26.1 and classified as critical. This issue affects some unknown processing of the file account_update.php of the component Password Reset Handler. The manipulation leads to authentication bypass by primary weakness.

The identification of this vulnerability is CVE-2024-34077. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-34077 | MantisBT up to 2.26.1 Password Reset account_update.php authentication bypass

Post correlati

CVE-2024-40919 | Linux Kernel up to 6.1.94/6.6.34/6.9.5 bnxt_en __hwrm_send null pointer dereference

CVE-2024-20289 | Cisco NX-OS up to 10.4(2) CLI os command injection (cisco-sa-nxos-cmdinj-Lq6jsZhH)

CVE-2024-35679 | GiveWP Plugin up to 3.12.0 on WordPress cross site scripting

CVE-2024-2542 | Jotform Online Forms Plugin up to 1.3.1 on WordPress Shortcode cross site scripting