MantisBT: master-1.2.x 80a15487
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
dregad | dregad | master-1.2.x | 2014-10-17 07:21 | master-1.2.x bed19db9 |
Affected Issues | 0017725: CVE-2014-7146 : PHP Code Injection Vulnerability in XmlImportExport plugin | |||
0017780: CVE-2014-8598: XML plugin should restrict ability to import data | ||||
Changeset | XML plugin: Add config page with access thresholds Prior to this, any user of a MantisBT instance with the XML This vulnerability is particularly dangerous when used in combination There was also no access check when exporting data, which could allow an Fixes 0017780 (CVE-2014-8598) |
|||
mod - plugins/XmlImportExport/XmlImportExport.php | Diff File | |||
mod - plugins/XmlImportExport/lang/strings_english.txt | Diff File | |||
add - plugins/XmlImportExport/pages/config.php | Diff File | |||
add - plugins/XmlImportExport/pages/config_page.php | Diff File | |||
mod - plugins/XmlImportExport/pages/export.php | Diff File | |||
mod - plugins/XmlImportExport/pages/import.php | Diff File |