A remote PHP code execution flaw was reported for Mantis. Registered users can execute code via a specially crafted sort parameter to the manage_proj_page.php page.
Upstream bug report: http://www.mantisbt.org/bugs/view.php?id=9704
Public exploit: http://www.milw0rm.com/exploits/6768
Fixed upstream in 1.1.4:
http://www.mantisbt.org/bugs/changelog_page.php
http://mantisbt.svn.sourceforge.net/viewvc/mantisbt?view=rev&revision=5679
Is this for our own records? Do I need to close this myself? (I pushed 1.1.4 a few hours ago)
I know. That was for proper reference from the Bodhi update request. Though I'm not able to actually add it to the update request at the moment due to what seems to be a Bodhi bug (https://fedorahosted.org/bodhi/ticket/254).
Ok. Thank you
Additional references:
http://www.mantisbt.org/bugs/view.php?id=0009704
https://bugs.gentoo.org/show_bug.cgi?id=242722
This issue was addressed in:
Fedora:
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-9015
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-8925