oss-sec mailing list archives
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability
From: cve-assign () mitre org
Date: Fri, 28 Feb 2014 15:05:41 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://www.mantisbt.org/bugs/view.php?id=17055
admin_config_report.php relied on unsanitized, inlined query parameters, enabling a malicious user to perform an SQL injection attack.
Use CVE-2014-2238. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTEOrzAAoJEKllVAevmvmspe0H/2ZbK4tLZxphR3oxZxG4us3k id4xpzKnkXhxvh1WOcAOg7XZO1Hz0C8KP+I4uHEPXgRTdkZ8cgxql7Za950xmKIh GheEzcHA+2tLPPsVnvqUNgzzfPfDRrclLXHctWLzgEq3zlP6IoDM38R9GbYW4h1k AOofk0X5KKZPo0W4UiUeu78pztM/7pPmll/TmGmUXYBILK6kZmIyl7y0c9vsxr30 N8TDZWae5iQzTbnqI9OIDyd9hGfZVs0ec/jKToMKNt/Hku1UB4WMqk7qO/Size/V ICxKaeTc4gr4kbxTgw4FYEQ9wT1fZNGLbpineeBrtbxu4F6VAj5fY0A1viyrjd8= =z9fj -----END PGP SIGNATURE-----
Current thread:
- CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad (Feb 28)
- Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability cve-assign (Feb 28)
- Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad (Mar 03)
- Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad (Mar 04)
- Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability cve-assign (Feb 28)