Mantis view_all_set.php sort Variable SQL Injection

2005-12-23T05:32:37
ID OSVDB:22052
Type osvdb
Reporter Tobias Klein(tk@trapkit.de)
Modified 2005-12-23T05:32:37

Description

Vulnerability Description

Mantis contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_all_set.php script not properly sanitizing user-supplied input to the 'sort' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Upgrade to version 0.19.4, 1.0.0rc4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Mantis contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view_all_set.php script not properly sanitizing user-supplied input to the 'sort' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor URL: http://www.mantisbt.org/ Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=377932&group_id=14963 Vendor Specific Advisory URL Secunia Advisory ID:18221 Secunia Advisory ID:18181 Secunia Advisory ID:18481 Related OSVDB ID: 22051 Related OSVDB ID: 22054 Related OSVDB ID: 22053 Related OSVDB ID: 22056 Related OSVDB ID: 22057 Related OSVDB ID: 22055 Other Advisory URL: http://www.trapkit.de/advisories/TKADV2005-11-002.txt Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200512-12.xml Keyword: TKADV2005-11-002 FrSIRT Advisory: ADV-2005-3064 CVE-2005-4519 Bugtraq ID: 16046