MantisBT: master-1.2.x 599364b2
Author | Committer | Branch | Timestamp | Parent |
---|---|---|---|---|
Paul Richards | dregad | master-1.2.x | 2014-11-01 12:10 | master-1.2.x 0826cef8 |
Affected Issues | 0017875: CVE-2014-9280: PHP Object Injection in filter API |
Changeset | Do not pass raw user data to unserialize Filters were moved to TOKEN api, so the code in current_user_api to handle This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) Fixes 0017875 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad dregad@mantisbt.org |
mod - core/current_user_api.php | Diff File |