2 matches found
PT-2026-39882
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description An attacker can bypass the Content Security Policy CSP script-src directive by uploading a crafted attachment to an issue. When this attachment is accessed via the 'file download.php'...
patbb-rfi.txt
Link to download: http://www.php-tools.net/site.php?file=patBBCode/overview.xml Vuln file: examples\patExampleGen\bbcodeSource.php Vuln code: if !isset $GET'example' die 'No example selected.' ; $exampleId = $GET'example'; obstart; // make the example think it's still in the right place chdir '.....