MantisBT: master-1.2.x bed19db9
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-1.2.x | 2014-11-01 10:45 | master-1.2.x dc9f0157 |
Affected Issues | 0017725: CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin | |||
Changeset | XML Import: Fix php code injection vulnerability Egidio Romano discovered a vulnerability in the XML import plugin. User input passed through the "description" field (and the "issuelink" This fix is a partial backport from a master branch commit which has Fixes 0017725 (CVE-2014-7146) |
|||
mod - plugins/XmlImportExport/ImportXml.php | Diff File |