[arch-security] [Arch Linux Security Advisory ASA-201411-3] mantisbt: sql injection
anthraxx at archlinux.org
Wed Nov 5 19:23:06 UTC 2014
Arch Linux Security Advisory ASA-201411-3
Date : 2014-11-05
CVE-ID : CVE-2014-8554
Package : mantisbt
Type : sql injection
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE-2014
The package mantisbt before version 1.2.17-3 is vulnerable to SQL injection.
Upgrade to 1.2.17-3.
# pacman -Syu "mantisbt>=1.2.17-3"
The problem has been fixed upstream but no release version is
Edwin Gozeling and Wim Visser discovered that when the project_id
parameter of the SOAP-request starts with the integer of a project to
which the user (or anonymous) is authorized, the ENTIRE value will
become the first item of $t_projects. As this value is concatenated in
the SQL statement, SQL-injection becomes possible.
A remote attacker is able to perform SQL injection via specially crafted
SOAP-requests. Depending on the configuration this can be escalated to
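A reduced PHP illustration of the check the advisory describes, added here and not taken from MantisBT's code: a "starts with an authorized integer" test (via intval()) accepts a value whose remainder is untrusted text and keeps the whole string, while strict integer validation plus a bound parameter does not. The function names, the authorized id list, the sample inputs and the table name are assumptions.

```php
<?php
// Added illustration, not MantisBT's own code.

// Constructed: project ids the caller is authorized to see.
$t_authorized_ids = [1, 7];

// Weak check in the spirit of the advisory: intval() keeps the leading digits
// and drops the rest, so "7 trailing-text" passes as project 7 while the
// entire original string becomes the first item of $t_projects.
function project_filter_weak(string $p_project_id, array $p_authorized): array {
    $t_projects = [];
    if (in_array(intval($p_project_id), $p_authorized, true)) {
        $t_projects[] = $p_project_id;   // untrusted value kept verbatim
    }
    return $t_projects;
}

// Hardened: the value must be a whole integer, and the integer (not the raw
// string) is what is stored and later bound as a query parameter.
function project_filter_strict(string $p_project_id, array $p_authorized): array {
    $t_id = filter_var($p_project_id, FILTER_VALIDATE_INT);
    if ($t_id === false || !in_array($t_id, $p_authorized, true)) {
        return [];                       // reject anything that is not a clean id
    }
    return [$t_id];
}

// Placeholders instead of string concatenation (PDO; table name assumed).
function project_query(PDO $p_db, array $t_projects): ?PDOStatement {
    if (count($t_projects) === 0) {
        return null;                     // nothing authorized, nothing queried
    }
    $t_marks = implode(',', array_fill(0, count($t_projects), '?'));
    $t_stmt = $p_db->prepare(
        "SELECT id FROM mantis_bug_table WHERE project_id IN ($t_marks)");
    $t_stmt->execute($t_projects);
    return $t_stmt;
}

// Constructed SOAP parameter values: one clean id, one with a trailing suffix.
foreach (['7', '7 trailing-text'] as $t_input) {
    printf("%-18s weak=%s strict=%s\n", var_export($t_input, true),
        json_encode(project_filter_weak($t_input, $t_authorized_ids)),
        json_encode(project_filter_strict($t_input, $t_authorized_ids)));
}
```

For the second input the weak filter returns the whole string and the strict filter returns an empty list, so only the integer form can ever reach project_query().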