|
|
>> Mantis Multiple SQL Injection and Cross Site Scripting Vulnerabilities
|
Multiple vulnerabilities were identified in Mantis, which could be exploited by malicious users to perform SQL injection or cross site scripting attacks.
The first issue is due to input validation errors in filters that do not properly validate certain parameters, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.
The second vulnerability is due to an unspecified error when processing malformed headers, which may be exploited by malicious people to conduct HTTP response splitting attacks.
The third flaw is due to input validation errors in the manage user pages that do not properly handle specially crafted variables, which may be exploited by malicious people to conduct SQL injection attacks.
The fourth issue is due to a design error where private bugs are disclosed in public RSS feeds, which could be exploited by attackers to gain knowledge of sensitive information.
The fifth flaw is due to an unspecified error in filters, which could be exploited by malicious people to conduct injection attacks.
The sixth vulnerability is due to an unspecified file upload error.
Affected Products
Mantis version 0.19.3 and prior
Mantis version 1.0.0rc3 and prior
Solution
Upgrade to Mantis version 0.19.4 or 1.0.0rc4 :
http://www.mantisbt.org/download.php
References
http://www.vupen.com/english/advisories/2005/3064
http://sourceforge.net/mailarchive/forum.php?thread_id=9266800&forum_id=7369
Credits
Vulnerabilities reported by Tobias Klein and the vendor
ChangeLog
2005-12-23 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
