CVE-2008-4689

Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.

Date published : 2008-10-22

http://www.mantisbt.org/bugs/changelog_page.php

http://www.mantisbt.org/bugs/file_download.php?file_id=1988&type=bug