Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3311
HistoryMay 22, 2008 - 12:00 a.m.

Mantis多个输入验证漏洞

2008-05-2200:00:00
Root
www.seebug.org
58

0.003 Low

EPSS

Percentile

68.6%

JSON

BUGTRAQ ID: 29297
CVE(CAN) ID: CVE-2008-2276

Mantis是用PHP脚本语言编写的基于web的漏洞跟踪系统。

Mantis没有正确地验证用户输入,Mantis的return_dynamic_filters.php文件中存在跨站脚本漏洞,manage_user_create.php文件中存在跨站请求伪造漏洞。此外如果用户通过上述漏洞获得了有效的管理帐号的话,由于在adm_config_set.php文件的的第80行的以下语句:

eval( '$t_value = ’ . $f_value . ‘;’ );

这里$f_value是在34行定义的:

$f_value = gpc_get_string( ‘value’ );

$f_value参数没有经过任何验证,因此攻击者可以通过执行phpinfo()函数的恶意URL导致执行任意代码。

mantis 1.1.1
Mantis

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://mantisbt.sourceforge.net/” target=“_blank”>http://mantisbt.sourceforge.net/</a>


                                                http://www.example.com/mantis/return_dynamic_filters.php?filter_target=&lt;script&gt;alert(document.cookie);&lt;/script&gt;
[email protected]&amp;access_level=90&amp;protected=0&amp;enabled=1&quot;&nbsp;target=&quot;_blank&quot;&gt;http://www.e

Related

securityvulns 3
openvas 8
prion 1
nessus 5
fedora 2
ubuntucve 1
seebug 1
packetstorm 1
cve 1
exploitpack 1
exploitdb 1
freebsd 1
gentoo 1
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-05-22 00:00:00
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities
2008-05-22 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-09-24 00:00:00
openvas
openvas
Fedora Update for mantis FEDORA-2008-6657
2009-02-17 00:00:00
Fedora Update for mantis FEDORA-2008-6657
2009-02-17 00:00:00
Fedora Update for mantis FEDORA-2008-6647
2009-02-17 00:00:00
prion
prion
Cross site request forgery (csrf)
2008-05-16 12:54:00
nessus
nessus
Mantis manage_user_create.php CSRF New User Creation
2008-05-15 00:00:00
Fedora 9 : mantis-1.1.2-1.fc9 (2008-6647)
2008-07-23 00:00:00
Fedora 8 : mantis-1.1.2-1.fc8 (2008-6657)
2008-07-23 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: mantis-1.1.2-1.fc9
2008-07-23 07:20:18
[SECURITY] Fedora 8 Update: mantis-1.1.2-1.fc8
2008-07-23 07:21:54
ubuntucve
ubuntucve
CVE-2008-2276
2008-05-16 00:00:00
seebug
seebug
Mantis Bug Tracker 1.1.1 (CE/XSS/CSRF) Multiple Vulnerabilities
2008-05-21 00:00:00
packetstorm
packetstorm
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities
2008-05-20 00:00:00
cve
cve
CVE-2008-2276
2008-05-16 12:54:00
exploitpack
exploitpack
Mantis Bug Tracker 1.1.1 - Code Execution Cross-Site Scripting Cross-Site Request Forgery
2008-05-20 00:00:00
exploitdb
exploitdb
Mantis Bug Tracker 1.1.1 - Code Execution / Cross-Site Scripting / Cross-Site Request Forgery
2008-05-20 00:00:00
freebsd
freebsd
mantis -- multiple vulnerabilities
2008-05-15 00:00:00
gentoo
gentoo
Mantis: Multiple vulnerabilities
2008-09-21 00:00:00

0.003 Low

EPSS

Percentile

68.6%

JSON
Related for SSV:3311
securityvulns3openvas8prion1nessus5fedora2ubuntucve1seebug1packetstorm1cve1exploitpack1exploitdb1freebsd1gentoo1