Mantis *sort* PHP Code Execution Vulnerability

Posted on Friday, October 17, 2008 @ 18:20:32 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA32314

VERIFY ADVISORY: http://secunia.com/advisories/32314/

CRITICAL: Moderately critical

IMPACT: System access

SOFTWARE: Mantis 1.x: http://secunia.com/advisories/product/5571/

DESCRIPTION: EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is confirmed in version 1.1.2 and reported in version 1.1.3. Other versions may also be affected.

Input passed to the "sort" parameter in manage_proj_page.php is not properly sanitised before being used in a "create_function()" call. This can be exploited to execute arbitrary PHP code. Successful exploitation requires valid user credentials.

SOLUTION: Restrict access to manage_proj_page.php (e.g. with ".htaccess").

PROVIDED AND/OR DISCOVERED BY: EgiX

ORIGINAL ADVISORY: http://milw0rm.com/exploits/6768
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,108,370
  • Today: 4,645
Server InfoServer Info
  • Jan 17, 2018
  • 01:27 am PST
 
 

Daily Inspiration