MantisBT: master 7d3dd430

Author Committer Branch Timestamp Parent
dregad dregad master 2014-10-17 11:21:25 master 8961a667
Affected Issues 0017725: CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin
0017780: CVE-2014-8598: XML plugin should restrict ability to import data
Changeset

XML plugin: Add config page with access thresholds

Prior to this, any user of a MantisBT instance with the XML
Import/Export plugin enabled and knowing the URL to the plugin's import
page could upload an XML file and insert data without restriction,
regardless of their access level.

This vulnerability is particularly dangerous when used in combination
with the one described in issue 0017725 (CVE-2014-7146) as it makes for a
very simple and easily accessible vector for PHP code injection attacks.

There was also no access check when exporting data, which could allow an
attacker to gain access to confidential information (disclosure of all
bug-related data, including usernames).

Fixes 0017780 (CVE-2014-8598)

mod - plugins/XmlImportExport/XmlImportExport.php Diff File
mod - plugins/XmlImportExport/lang/strings_english.txt Diff File
add - plugins/XmlImportExport/pages/config.php Diff File
add - plugins/XmlImportExport/pages/config_page.php Diff File
mod - plugins/XmlImportExport/pages/export.php Diff File
mod - plugins/XmlImportExport/pages/import.php Diff File