|
Message-ID: <m532eu$ruj$1@ger.gmane.org> Date: Wed, 26 Nov 2014 00:13:34 +0100 From: Damien Regad <dregad@...tisbt.org> To: oss-security@...ts.openwall.com Subject: CVE Request: MantisBT SQL injection in view_all_set.php Description: Both the 'sort' and 'dir' parameters to view_all_set.php are insufficiently validated before they are used in queries by view_all_bug_page.php. Both parameters are split into chunks on ','. After splitting, only the first two values are validated. By supplying a third value, SQL injection can be performed. Affected versions: <= 1.2.17 Fixed in versions: 1.2.18 (not yet released) Patch: See Github [1] Credit: Issue was discovered by Edwin Gozeling from ITsec Security Services (http://www.itsec.nl/), and fixed by Victor Boctor (MantisBT Developer) References: Further details available in our issue tracker [2] D. Regad MantisBT Developer http://www.mantisbt.org [1] http://github.com/mantisbt/mantisbt/commit/b0021673 [2] https://www.mantisbt.org/bugs/view.php?id=17841
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.