CVE-2009-20001 is a vulnerability in MantisBT
Published on March 7, 2021

An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.

NVD

Products Associated with CVE-2009-20001

Want to know whenever a new CVE is published for MantisBT? stack.watch will email you.

MantisBT

Exploit Probability

EPSS

0.90%

Percentile

54.80%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2009-20001 is a vulnerability in MantisBTPublished on March 7, 2021

Products Associated with CVE-2009-20001

Exploit Probability

CVE-2009-20001 is a vulnerability in MantisBT
Published on March 7, 2021