oss-sec mailing list archives

CVE Request: MantisBT SQL injection in view_all_set.php


From: Damien Regad <dregad () mantisbt org>
Date: Wed, 26 Nov 2014 00:13:34 +0100

Description:

Both the 'sort' and 'dir' parameters to view_all_set.php are insufficiently validated before they are used in queries by view_all_bug_page.php.

Both parameters are split into chunks on ','. After splitting, only the first two values are validated. By supplying a third value, SQL injection can be performed.

Affected versions:
<= 1.2.17

Fixed in versions:
1.2.18 (not yet released)

Patch:
See GitHub [1]

Credit:
Issue was discovered by Edwin Gozeling from ITsec Security Services (http://www.itsec.nl/), and fixed by Victor Boctor (MantisBT Developer)

References:
Further details available in our issue tracker [2]


D. Regad
MantisBT Developer
http://www.mantisbt.org


[1] http://github.com/mantisbt/mantisbt/commit/b0021673
[2] https://www.mantisbt.org/bugs/view.php?id=17841
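
The validation gap described above, shown beside a check that covers every chunk. This is an added example, not MantisBT code and not the fix in [1]; the function names, the allowlists, and the assumption that the values end up in an ORDER BY clause are all hypothetical.

```php
<?php
// Added illustration, not MantisBT source. All names and the allowlists are hypothetical.
const ALLOWED_FIELDS = ['id', 'status', 'priority', 'last_updated'];
const ALLOWED_DIRS   = ['ASC', 'DESC'];
const MAX_SORT_KEYS  = 2;

// Flawed pattern from the description: only the first two chunks are checked.
function validate_first_two_only(string $sort, string $dir): bool
{
    $fields = explode(',', $sort);
    $dirs   = explode(',', $dir);
    for ($i = 0; $i < 2; $i++) {
        if (isset($fields[$i]) && !in_array($fields[$i], ALLOWED_FIELDS, true)) {
            return false;
        }
        if (isset($dirs[$i]) && !in_array(strtoupper($dirs[$i]), ALLOWED_DIRS, true)) {
            return false;
        }
    }
    return true; // chunks at index 2 and beyond are never inspected
}

// Hardened pattern: cap the chunk count, check every chunk, and build the
// clause only from allowlisted values (assumes the values feed an ORDER BY).
function build_order_by(string $sort, string $dir): ?string
{
    $fields = explode(',', $sort);
    $dirs   = explode(',', $dir);
    if (count($fields) > MAX_SORT_KEYS || count($dirs) > count($fields)) {
        return null;
    }
    $terms = [];
    foreach ($fields as $i => $field) {
        $direction = strtoupper($dirs[$i] ?? 'ASC');
        if (!in_array($field, ALLOWED_FIELDS, true)
            || !in_array($direction, ALLOWED_DIRS, true)) {
            return null;
        }
        $terms[] = $field . ' ' . $direction;
    }
    return 'ORDER BY ' . implode(', ', $terms);
}

// Constructed input: two valid keys followed by a placeholder third chunk.
$sort = 'id,status,UNTRUSTED_TEXT';
$dir  = 'ASC,DESC,UNTRUSTED_TEXT';
var_dump(validate_first_two_only($sort, $dir));
var_dump(build_order_by($sort, $dir));
var_dump(build_order_by('id,status', 'ASC,DESC'));
```

The first check accepts the constructed input because it never looks past index 1, while the second rejects it and returns a clause only for input made up entirely of allowlisted values.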

