'[oss-security] Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability
From:       cve-assign () mitre ! org
Date:       2014-02-28 20:05:41
Message-ID: 201402282005.s1SK5fhc001797 () linus ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://www.mantisbt.org/bugs/view.php?id=17055

> admin_config_report.php relied on unsanitized, inlined query parameters, 
> enabling a malicious user to perform an SQL injection attack.

Use CVE-2014-2238.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTEOrzAAoJEKllVAevmvmspe0H/2ZbK4tLZxphR3oxZxG4us3k
id4xpzKnkXhxvh1WOcAOg7XZO1Hz0C8KP+I4uHEPXgRTdkZ8cgxql7Za950xmKIh
GheEzcHA+2tLPPsVnvqUNgzzfPfDRrclLXHctWLzgEq3zlP6IoDM38R9GbYW4h1k
AOofk0X5KKZPo0W4UiUeu78pztM/7pPmll/TmGmUXYBILK6kZmIyl7y0c9vsxr30
N8TDZWae5iQzTbnqI9OIDyd9hGfZVs0ec/jKToMKNt/Hku1UB4WMqk7qO/Size/V
ICxKaeTc4gr4kbxTgw4FYEQ9wT1fZNGLbpineeBrtbxu4F6VAj5fY0A1viyrjd8=
=z9fj
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic