View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008980 | mantisbt | security | public | 2008-03-16 18:08 | 2008-08-11 09:42 |
Reporter | thraxisp | Assigned To | giallu | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | git trunk | ||||
Fixed in Version | 1.2.0a2 | ||||
Summary | 0008980: Port: Remote Code Execution in adm_config | ||||
Description | Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis C) Remote Code Execution Vulnerabilities Finally we present the most critical vulnerability. A Remote Code Execution vulnerability exists in the software, but it can be exploited only if the attacker has a valid adminitrator account, so it could be ideal if used in conjunction with the previous one. The vulnerability is in the file adm_config_set.php. On row 80 we have the following statement: eval( '$t_value = ' . $f_value . ';' ); where the $f_value is defined at row 34 of the same file: $f_value = gpc_get_string( 'value' ); the parameter $f_value is never validated, so we can exploit this issue with the following url wich executes the phpinfo() function: | ||||
Tags | No tags attached. | ||||
Removing private status since this is public now, as part of Rad Hat reference: |
|
Fixed in SVN revision 5301 http://mantisbt.svn.sourceforge.net/viewvc/mantisbt?view=rev&revision=5301 |
|
MantisBT: master 325cf9a6 2008-05-29 06:17 Details Diff |
Fix 8980: Port: Remote Code Execution in adm_config git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5301 <a class="text" href="/?p=mantisbt.git;a=object;h=f5dc347c">f5dc347c</a>-c33d-0410-90a0-b07cc1902cb9 |
Affected Issues 0008980 |
|
mod - adm_config_set.php | Diff File |