MantisBT: master c12a32af
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dhx | dhx | master | 2011-08-31 22:36 | master 224b0f8b |
Affected Issues | 0013282: bug_actiongroup_ext_page.php does not properly sanitise action parameter before including local files |
0013283: bug_actiongroup_ext_page.php remote file inclusion: action parameter |
Changeset | Fix 0013282, 0013283: bug_actiongroup_ext_page.php LFI and XSS High-Tech Bridge SA Security Research Lab reported 2 issues with the Issue 0013282 XSS issue with require_once() call failures returning an unescaped Issue 0012283 Local file inclusion/path traversal vulnerability on web servers that Vulnerable (default configuration): Apache This issue has SEVERE consequences for people using web servers which nginx will produce a 404 error when it determines that file.htm is not a Conflicts: |
mod - bug_actiongroup_ext_page.php | Diff File | |||
mod - core/bug_group_action_api.php | Diff File |