oss-sec mailing list archives
CVE Request: MantisBT SQL injection in view_all_set.php
From: Damien Regad <dregad () mantisbt org>
Date: Wed, 26 Nov 2014 00:13:34 +0100
Description:Both the 'sort' and 'dir' parameters to view_all_set.php are insufficiently validated before they are used in queries by view_all_bug_page.php.
Both parameters are split into chunks on ','. After splitting, only the first two values are validated. By supplying a third value, SQL injection can be performed.
Affected versions: <= 1.2.17 Fixed in versions: 1.2.18 (not yet released) Patch: See Github [1] Credit:Issue was discovered by Edwin Gozeling from ITsec Security Services (http://www.itsec.nl/), and fixed by Victor Boctor (MantisBT Developer)
References: Further details available in our issue tracker [2] D. Regad MantisBT Developer http://www.mantisbt.org [1] http://github.com/mantisbt/mantisbt/commit/b0021673 [2] https://www.mantisbt.org/bugs/view.php?id=17841
Current thread:
- CVE Request: MantisBT SQL injection in view_all_set.php Damien Regad (Nov 25)
- Re: CVE Request: MantisBT SQL injection in view_all_set.php cve-assign (Nov 25)