mantis: multiple vulnerabilities
| Package(s): | mantis | CVE #(s): | CVE-2014-9280 CVE-2014-9279 CVE-2014-6316 CVE-2014-9117 CVE-2014-9089 | ||||||||||||||||
| Created: | December 22, 2014 | Updated: | December 24, 2014 | ||||||||||||||||
| Description: | From the CVE entries:
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter. (CVE-2014-9280) The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname parameter and reading the parameters in the response sent to the URL. (CVE-2014-9279) MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0. (CVE-2014-9117) Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. (CVE-2014-9089) From the Red Hat bugzilla: A bug in the URL sanitization routine allows an attacker to craft an URL that can redirect outside of the MantisBT instance's domain when the software is installed at the web server's root. (CVE-2014-6316) | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||