BugTraq
[oCERT-2014-001] MantisBT input sanitization errors
Feb 08 2014 01:49PM
Andrea Barisani (lcars ocert org)

#2014-001 MantisBT input sanitization errors

Description:

The MantisBT web-based bugtracking system suffers from SQL injection
vulnerabilities caused by insufficient input sanitization.

The MantisBT SOAP API uses the unsafe db_query() function allowing a
specially crafted tag within the envelope...
