View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006273 | mantisbt | security | public | 2005-09-20 06:58 | 2006-10-09 11:55 |
Reporter | vboctor | Assigned To | vboctor | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.0.0rc2 | ||||
Fixed in Version | 1.0.0rc3 | ||||
Summary | 0006273: File Inclusion Vulnerability | ||||
Description | Andreas Sandblad, Secunia Research has discovered a vulnerability in Mantis, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "t_core_path" parameter in "bug_sponsorship_list_view_inc.php" isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources. We have assigned the vulnerability Secunia Advisory SA16818 and have put a preliminary release date on our advisory for 12 October 2005, 1PM CET. Examples: Successful exploitation requires that "register_globals" is enabled (not recommended setting). The vulnerability has been confirmed in version 1.0.0rc2. Other versions may also be affected. | ||||
Tags | No tags attached. | ||||
0005956:0010823 says we want to treat register_globals==ON as a fatal error, with which I couldn't agree more. Is that not in 1.0.0rc1 or 1.0.0rc2? 0005956:0010823 suggests it would be, but the existence of 0006273 implies that it is not. Or are we perhaps only checking for register_globals==OFF in the setup scripts, and not at the top of every page as we would need to?

bug_sponsorship_list_view_inc.php -> 1.12.4.1
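An added example, not part of the original report or MantisBT's code: a heuristic Python audit check that flags PHP files whose include/require path uses a variable the file itself never assigned, which is the pattern that becomes request-controllable when register_globals is enabled. The function name, the sample PHP snippets and `example_api.php` are assumptions constructed for illustration; only `$t_core_path` comes from the report.

```python
import re

# include/require statement on one line; group 1 is the path expression.
INCLUDE_RE = re.compile(r"(?<![$\w>])(?:include|require)(?:_once)?\b([^;]*);", re.I)
# "$name =" but not "==" (comparison) or "=>" (array key).
ASSIGN_RE = re.compile(r"\$([A-Za-z_]\w*)\s*=(?![=>])")
VAR_RE = re.compile(r"\$([A-Za-z_]\w*)")


def unassigned_include_vars(php_source):
    """Return [(line_no, variable)] for include/require paths built from a
    variable that the file itself has not assigned on an earlier line."""
    assigned, findings = set(), []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        if line.strip().startswith(("#", "//", "*", "/*")):
            continue  # heuristic: skip whole-line comments only
        for stmt in INCLUDE_RE.finditer(line):
            for name in VAR_RE.findall(stmt.group(1)):
                if name not in assigned:
                    findings.append((line_no, name))
        # Record assignments after checking, so same-line use still counts.
        assigned.update(ASSIGN_RE.findall(line))
    return findings


# Constructed samples (not MantisBT source); only $t_core_path is from the report.
UNSAFE = "\n".join([
    "<?php",
    "# include file that relies on its caller to have set the path",
    "require_once( $t_core_path . 'example_api.php' );",
])
SAFE = "\n".join([
    "<?php",
    "$t_core_path = dirname( __FILE__ ) . '/core/';",
    "require_once( $t_core_path . 'example_api.php' );",
])

if __name__ == "__main__":
    for label, src in (("UNSAFE", UNSAFE), ("SAFE", SAFE)):
        print(label, unassigned_include_vars(src))
```

The check is line-based and does not follow function scope or multi-line statements, so its findings are candidates for manual review rather than confirmed defects.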