Original vulnerability report by Net.Edit0r (Net.Edit0r) from BlACK Hat Group [http://black-hg.org] is available at: http://packetstormsecurity.org/files/104149 MantisBT bug report for full details of the issue: http://www.mantisbt.org/bugs/view.php?id=13245 Please note that the second SQL injection vulnerability identified by Net.Edit0r is not reproducible (refer to the MantisBT bug report above for reasons why). A patch for 1.2.6 is available at: https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b MantisBT 1.2.7 is currently being packaged and will be available shortly through usual channels. A CVE request and notice has been sent to oss-security.com
Thanks so much for the report, David!
Created mantis tracking bugs for this issue Affects: fedora-all [bug 731854] Affects: epel-5 [bug 731855]
This was assigned the name CVE-2011-2938.
Currently supported versions of Fedora have 1.2.8, which correct this flaw. EPEL's 1.1.8 may still be affected.
EPEL5 hasn't been touched since Dec 2010, and the package is technically orphaned. As a result I'm closing this bug as this issue is fixed in Fedora. The EPEL5 tracking bug #800667 will remain open until either mantis is dropped from EPEL or it is fixed.