MantisBT: master-1.2.x 69c2d28d

Author: dregad
Committer: dregad
Branch: master-1.2.x
Timestamp: 2014-12-27 07:34
Parent: master-1.2.x 580d45e9
Affected Issues:
 0017937: MantisBT Security Vulnerability Notification (HTB23243)
 0017940: CVE-2014-9573: SQL Injection in manage_user_page.php
Changeset

Fix SQL injection in manage_user_page.php

This vulnerability (CVE-2014-9573) was reported by High-Tech Bridge
Security Research Lab (https://www.htbridge.com/) in issue 0017937
(advisory ID HTB23243).

To avoid injection, the parameters we get from the cookie are now
properly sanitized before being used in the SQL query.

Fixes 0017940

mod - manage_user_page.php