| View Issue Details |
| ID | Project | Category | View Status | Date Submitted | Last Update | |
| 0009704 | mantisbt | security | public | 2008-10-17 06:11 | 2008-11-28 15:31 | |
| Reporter | thosjo | |||||
| Assigned To | giallu | |||||
| Priority | normal | Severity | major | Reproducibility | have not tried | |
| Status | closed | Resolution | fixed | |||
| Platform | OS | OS Version | ||||
| Product Version | 1.1.3 | |||||
| Target Version | Fixed in Version | 1.1.4 | ||||
| Summary | 0009704: Remote Code Execution in manage_proj_page.php | |||||
| Description | FYI http://www.milw0rm.com/exploits/6768 [...] An attacker could be able to inject and execute PHP code through $_GET['sort'], that is passed to create_function() at line 195 into multi_sort() function body. By default only registered users can access manage_proj_page.php [...] | |||||
| Tags | No tags attached. | |||||
| Attached Files | ||||||
Relationships |
|
Notes |
|
giallu (developer) 2008-10-17 06:40 |
having a look here |
|
giallu (developer) 2008-10-17 11:26 |
Fixed in both 1.1 and 1.2 branches: http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5679&view=rev and http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5680&view=rev |
|
jreese (administrator) 2008-10-20 08:44 |
Note that certain follow-on patches are needed to fix this: 1.1.x: r5688, r5698; 1.2.x: r5689, r5690 |
|
giallu (developer) 2008-10-23 09:38 |
This is now known as CVE-2008-4687 |
|
vboctor (administrator) 2008-11-28 15:31 |
Adding a related thread from the forum showing how a user got affected by this issue: http://www.mantisbt.org/forums/viewtopic.php?f=2&t=6344 |
Related Changesets |
|
MantisBT: master-1.1.x 9f2d70ff Timestamp: 2008-10-20 12:44:10 Author: jreese |
Port r5690 to 1.1.x to fix 0009704. Fix previous commit: 1) array_key_exist does not exist - it is array_key_exists 2) array_key_exists only works on a single dimension array, so we use current()/is_array to search for the sort column in the array and ensure we have a multi-dimensional array. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5698 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
| mod - core/constant_inc.php |
| mod - lang/strings_english.txt |
| mod - core/utility_api.php |
|
MantisBT: master 4e32f5ae Timestamp: 2008-10-17 15:11:22 Author: giallu |
Fix 9704: (manage_proj_page.php) Remote Code Execution Exploit git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5680 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
| mod - core/utility_api.php |
|
MantisBT: master-1.1.x ced9305b Timestamp: 2008-10-17 15:10:53 Author: giallu |
Fix 9704: (manage_proj_page.php) Remote Code Execution Exploit git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5679 f5dc347c-c33d-0410-90a0-b07cc1902cb9 |
| mod - core/utility_api.php |
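
The report traces the issue to a request-supplied sort key reaching create_function(), and the r5698 commit message describes checking that the sort column exists in a multi-dimensional array. The sketch below is an added example, not MantisBT's own code: it shows that kind of check combined with a closure-based comparator, so the key is only ever used as data. The names sort_rows_by_column(), DIR_ASC and DIR_DESC are hypothetical, the sample rows are constructed, and the check is applied to every row rather than only the first.

```php
<?php
// Added illustration, not MantisBT code. sort_rows_by_column(), DIR_ASC and
// DIR_DESC are hypothetical names; the sample rows are constructed.
//
// Unsafe pattern: building the comparator's source text from the request
// value (as with create_function()) lets that value be parsed as PHP.
// Safe pattern: treat the value as data only, and accept it only when it
// names a column that really exists in the rows being sorted.

const DIR_ASC = 1;
const DIR_DESC = -1;

function sort_rows_by_column(array $rows, string $column, int $direction = DIR_ASC): array
{
    foreach ($rows as $row) {
        // Every row must be an array that carries the requested column.
        if (!is_array($row) || !array_key_exists($column, $row)) {
            throw new InvalidArgumentException('Unknown sort column');
        }
    }
    $factor = ($direction === DIR_DESC) ? -1 : 1;
    // A closure captures $column as a value; no code is generated from it.
    uasort($rows, static function (array $a, array $b) use ($column, $factor): int {
        return $factor * strnatcasecmp((string) $a[$column], (string) $b[$column]);
    });
    return $rows;
}

// Constructed sample data standing in for a project list.
$projects = [
    ['name' => 'beta',  'status' => 'stable'],
    ['name' => 'Alpha', 'status' => 'development'],
    ['name' => 'gamma', 'status' => 'release'],
];

$sorted = sort_rows_by_column($projects, 'name', DIR_DESC);
echo implode(', ', array_column($sorted, 'name')), PHP_EOL;

// A request value that is not a real column (here, one containing a quote)
// is rejected before any sorting happens.
try {
    sort_rows_by_column($projects, "name'");
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```
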
Issue History |
| Date Modified | Username | Field | Change |
| 2008-10-17 06:11 | thosjo | New Issue | |
| 2008-10-17 06:40 | giallu | Note Added: 0019580 | |
| 2008-10-17 11:26 | giallu | Note Added: 0019582 | |
| 2008-10-17 11:26 | giallu | Status | new => resolved |
| 2008-10-17 11:26 | giallu | Fixed in Version | => 1.1.4 |
| 2008-10-17 11:26 | giallu | Resolution | open => fixed |
| 2008-10-17 11:26 | giallu | Assigned To | => giallu |
| 2008-10-17 11:28 | giallu | Summary | "Mantis Bug Tracker <= 1.1.3 (manage_proj_page.php) Remote Code Execution Exploit " => Remote Code Execution in manage_proj_page.php |
| 2008-10-18 18:33 | giallu | View Status | private => public |
| 2008-10-18 18:33 | giallu | Status | resolved => closed |
| 2008-10-20 08:44 | jreese | Note Added: 0019595 | |
| 2008-10-20 16:45 | | Changeset attached | master 5e072bdf => |
| 2008-10-20 20:19 | | Changeset attached | master-1.1.x fe0ae0c1 => |
| 2008-10-20 20:19 | | Changeset attached | master-1.1.x 783c5f3d => |
| 2008-10-23 09:38 | giallu | Note Added: 0019653 | |
| 2008-11-11 08:32 | giallu | Changeset attached | master 4e32f5ae => |
| 2008-11-11 08:45 | giallu | Changeset attached | master 4e32f5ae => |
| 2008-11-11 09:03 | jreese | Changeset attached | master-1.1.x 9f2d70ff => |
| 2008-11-11 09:03 | giallu | Changeset attached | master-1.1.x ced9305b => |
| 2008-11-19 11:11 | thraxisp | Relationship added | has duplicate 0009858 |
| 2008-11-28 15:31 | vboctor | Note Added: 0020101 | |
| 2009-01-07 13:55 | jreese | Relationship added | has duplicate 0010025 |