>> Mantis Custom Field Handling History Module Remote Information Disclosure Weakness
Title : Mantis Custom Field Handling History Module Remote Information Disclosure Weakness VUPEN ID : VUPEN/ADV-2006-4978 CVE ID : CVE-2006-6515 - CVE-2006-6574
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-12-13
Technical Description
A weakness has been identified in Mantis, which could be exploited by malicious users to gain knowledge of potentially sensitive information. This issue is due to an error within custom fields, which could cause certain data to be disclosed to arbitrary users via the bug history module.
Note : An error within the default value of "g_bug_reminder_threshold" has also been reported.
