mantisbt security flaw

2002-08-15T00:00:00
ID SECURITYVULNS:DOC:3358
Type securityvulns
Reporter Securityvulns
Modified 2002-08-15T00:00:00

Description

Hi,

Mantis is php/MySQL/web based bug tracking system, available at http://mantisbt.sourceforge.net/. It currently suffers from a classical PHP bad coding practice (altough i would bet on distraction for this particular situation ), that may result on remote command execution via a include file.

Users affected should aply the quick fix bellow, other acordingly, or update mantisbt via CVS. Affected versions should include the latest available for download ( at the time of writing, 0.17.3), as well as the previous ones that include the jpgraph feature.

Regards,

Joao Gouveia

tharbad@kaotik.org

-----Original Message----- From: mantisbt-announce-admin@lists.sourceforge.net [mailto:mantisbt-announce-admin@lists.sourceforge.net] On Behalf Of Kenzaburo Ito Sent: Tuesday, August 13, 2002 02:34 To: mantisbt-announce@lists.sourceforge.net Subject: [Mantisbt-announce] Security Advisory

All,

There is a security hole in summary_graph_functions.php. Users may be able to run code remotely. To fix, insert these lines at the top:

if ( isset($HTTP_GET_VARS['g_jpgraph_path']) || isset($HTTP_POST_VARS['g_jpgraph_path']) || isset($HTTP_COOKIE_VARS['g_jpgraph_path']) ) { exit; }

Thanks go to Joao Gouveia: tharbad@kaotik.org

Thanks, -Ken