oss-sec mailing list archives
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability
From: Damien Regad <dregad () mantisbt org>
Date: Tue, 04 Mar 2014 09:03:42 +0100
On 28.02.2014 21:05, cve-assign () mitre org wrote:
http://www.mantisbt.org/bugs/view.php?id=17055
admin_config_report.php relied on unsanitized, inlined query parameters, enabling a malicious user to perform an SQL injection attack.
Use CVE-2014-2238.

MantisBT 1.2.17 has been released [1] and is available for download [2].

[1] http://www.mantisbt.org/blog/?p=288
[2] https://sourceforge.net/projects/mantisbt/files/mantis-stable/1.2.17/