View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update
---|---|---|---|---|---
0019277 | mantisbt | security | public | 2015-01-27 04:50 | 2015-03-15 19:58

Field | Value
---|---
Reporter | dregad
Assigned To | dregad
Priority | normal
Severity | major
Reproducibility | have not tried
Status | closed
Resolution | fixed
Product Version | 1.3.0-beta.1
Target Version | 1.3.0-beta.2
Fixed in Version | 1.3.0-beta.2
Summary | 0019277: CVE-2014-9573: SQL Injection in manage_user_page.php
Description | This is a clone of 0017940 to track the vulnerability in 1.3.x branch
Additional Information | Advisory ID: HTB23243. Original report in 0017937
Tags | No tags attached.

MantisBT: master 7cc4539f 2014-12-27 07:34

Fix SQL injection in manage_user_page.php

This vulnerability (CVE-2014-9573) was reported by High-Tech Bridge Security Research Lab (https://www.htbridge.com/) in issue 0017937 (advisory ID HTB23243).

To avoid injection, the parameters we get from the cookie are now properly sanitized before being used in the SQL query.

Fixes 0017940

Affected Issues: 0017937, 0017940, 0019277

mod - manage_user_page.php