[oCERT-2014-001] MantisBT input sanitization errors
Feb 08 2014 01:49PM
Andrea Barisani (lcars ocert org)
#2014-001 MantisBT input sanitization errors
The MantisBT web-based bugtracking system suffers from SQL injection
vulnerabilities caused by insufficient input sanitization.
The MantisBT SOAP API uses the unsafe db_query() function allowing a
specially crafted tag within the envelope...
Copyright 2010, SecurityFocus