SECUNIA ADVISORY ID: SA32314
VERIFY ADVISORY: http://secunia.com/advisories/32314/
CRITICAL: Moderately critical
IMPACT: System access
SOFTWARE: Mantis 1.x: http://secunia.com/advisories/product/5571/
DESCRIPTION: EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is confirmed in version 1.1.2 and reported in version 1.1.3. Other versions may also be affected.
Input passed to the "sort" parameter in manage_proj_page.php is not properly sanitised before being used in a "create_function()" call. This can be exploited to execute arbitrary PHP code. Successful exploitation requires valid user credentials.
SOLUTION: Restrict access to manage_proj_page.php (e.g. with ".htaccess").
PROVIDED AND/OR DISCOVERED BY: EgiX
ORIGINAL ADVISORY: http://milw0rm.com/exploits/6768
Mantis *sort* PHP Code Execution VulnerabilityPosted on Friday, October 17, 2008 @ 17:20:32 CDT in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
