MantisBT: master-1.2.x 00b4c170

Author: Paul Richards
Committer: dregad
Branch: master-1.2.x
Timestamp: 2014-01-17 11:24
Parent: master-1.2.x b72fdaeb
Affected Issues: 0016879: CVE-2014-1608: soap:Envelope SQL injection attack
Changeset

Fix CVE-2014-1608: mc_issue_attachment_get SQL injection

Use of db_query() instead of db_query_bound() allowed SQL injection
attacks due to unsanitized use of parameters within the query when using
the SOAP API mc_issue_attachment_get.

This issue was reported by e-mail by Andrea Barisani from oCERT, on
behalf of Martin Herfurt <martin.herfurt@nruns.com>, a security
researcher at n.runs professionals GmbH, who discovered the issue
during an audit at a customer's site.

Fixes 0016879

Signed-off-by: Damien Regad <dregad@mantisbt.org>

Conflicts:
api/soap/mc_file_api.php

mod - api/soap/mc_file_api.php
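As an added illustration (not code from this changeset or from MantisBT), the pattern the commit message describes: a SOAP-supplied attachment id interpolated into the text of a query passed to db_query(), beside the same lookup through db_query_bound() with a db_param() placeholder. The db_param() and db_query_bound() functions below are hypothetical stand-ins modelled on the MantisBT 1.2 database API, backed by PDO with SQLite so the file runs on its own; the table and rows are constructed sample data.

```php
<?php
// Added illustration, not MantisBT's code: a SOAP-supplied attachment id
// spliced into the SQL text versus the same lookup with a bound parameter.
// db_param() and db_query_bound() are hypothetical stand-ins modelled on the
// MantisBT 1.2 database API, backed by PDO/SQLite so this file runs alone.

$g_db = new PDO('sqlite::memory:');
$g_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed sample table standing in for mantis_bug_file_table.
$g_db->exec('CREATE TABLE mantis_bug_file_table (id INTEGER PRIMARY KEY, bug_id INTEGER, filename TEXT)');
$g_db->exec("INSERT INTO mantis_bug_file_table VALUES (1, 10, 'design.pdf'), (2, 11, 'private.txt')");

// Stand-in for db_param(): the placeholder for one bound value.
function db_param() {
    return '?';
}

// Stand-in for db_query_bound(): the SQL text is prepared as written and the
// values are sent separately, so a parameter can never change the statement.
function db_query_bound($p_query, array $p_params = array()) {
    global $g_db;
    $t_stmt = $g_db->prepare($p_query);
    $t_stmt->execute($p_params);
    return $t_stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Before the fix: the parameter becomes part of the statement text.
function attachment_query_unbound($p_file_id) {
    return "SELECT * FROM mantis_bug_file_table WHERE id=$p_file_id";
}

// After the fix: the id travels as a bound value, whatever the client sent.
function attachment_get_bound($p_file_id) {
    $t_query = 'SELECT * FROM mantis_bug_file_table WHERE id=' . db_param();
    return db_query_bound($t_query, array($p_file_id));
}

// A well-formed id returns exactly the requested row.
var_dump(count(attachment_get_bound(1)) === 1);

// A malformed id from an untrusted SOAP request: the unbound form carries it
// into the SQL text; the bound form treats it as a value that matches no row.
$t_bad = '1 OR 1=1';
echo attachment_query_unbound($t_bad), "\n";
var_dump(count(attachment_get_bound($t_bad)) === 0);
```

The printed statement from attachment_query_unbound() shows why a type or whitelist check on the id is no substitute for binding: only db_query_bound() keeps the request data out of the SQL text entirely.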