Mantis New Account Signup Mass Emailing漏洞

Mantis bugtracker的signup_page.php存在漏洞。远程攻击者通过创建多个用户和提供相同电子邮件地址来发送电子邮件炸弹。

The vendor has reportedly implemented a captcha system for new account signup requests that may mitigate the possibility of an automated exploit of this vulnerability. At the time of this writing, no released versions of the package exist that fix this vulnerability.

来源: XF
名称: mantis-improper-account-validation(17093)
链接:http://xforce.iss.net/xforce/xfdb/17093

来源: BID
名称: 10995
链接:http://www.securityfocus.com/bid/10995

来源: BUGTRAQ
名称: 20040820 Multiple Vulnerabilities in Mantis Bugtracker
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109312225727345&w=2