Mantis JPGraph Remote File Include Command Execution Vulnerability
Solution: Exploitation of this and other remote file include issues may be limited by disabling both 'allow_url_fopen' and 'register_globals' in the local site PHP configuration. This issue has been addressed in Mantis 0.17.4 and later. Versions prior to Mantis 0.15.3 are also not affected.

The vendor has announced that if an upgrade cannot be applied, the vulnerability can be addressed by inserting the following lines at the top of summary_graph_functions.php:

    if ( isset($HTTP_GET_VARS['g_jpgraph_path']) ||
         isset($HTTP_POST_VARS['g_jpgraph_path']) ||
         isset($HTTP_COOKIE_VARS['g_jpgraph_path']) ) {
        exit;
    }

Mantis Mantis 0.15.10
Mantis Mantis 0.15.11
Mantis Mantis 0.15.12
Mantis Mantis 0.15.3
Mantis Mantis 0.15.4
Mantis Mantis 0.15.5
Mantis Mantis 0.15.6
Mantis Mantis 0.15.7
Mantis Mantis 0.15.8
Mantis Mantis 0.15.9
Mantis Mantis 0.16.0
Mantis Mantis 0.16.1
Mantis Mantis 0.17.0
Mantis Mantis 0.17.1
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
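
An added example, not part of the original advisory or of Mantis: a log check that mirrors the vendor workaround for GET requests by flagging any logged request whose query string would set g_jpgraph_path. The Common Log Format input, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

PARAM = "g_jpgraph_path"  # variable named in the vendor workaround

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def php_var_name(raw_key):
    """Approximate how PHP maps a query-string key to a variable name."""
    key = unquote_plus(raw_key).lstrip(" ")
    key = key.split("[", 1)[0]  # g_jpgraph_path[] registers the same name
    return key.replace(".", "_").replace(" ", "_")  # PHP turns these into "_"

def sets_param(target):
    """True if the request target's query string would set PARAM."""
    query = target.partition("?")[2].partition("#")[0]
    for pair in query.split("&"):
        if pair and php_var_name(pair.split("=", 1)[0]) == PARAM:
            return True
    return False

def flag_requests(log_lines):
    """Return (line_number, target) for each logged request that sets PARAM."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and sets_param(match.group("target")):
            hits.append((number, match.group("target")))
    return hits

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /mantis/summary_page.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jan/2003:10:00:05 +0000] "GET /mantis/summary_graph_functions.php?g_jpgraph_path=CONSTRUCTED HTTP/1.0" 200 0',
    '192.0.2.44 - - [01/Jan/2003:10:00:09 +0000] "GET /mantis/summary_graph_functions.php?x=1&g%5Fjpgraph%5Fpath%5B%5D=CONSTRUCTED HTTP/1.0" 200 0',
    '192.0.2.10 - - [01/Jan/2003:10:00:12 +0000] "GET /mantis/view_all_bug_page.php?note=g_jpgraph_path HTTP/1.0" 200 812',
]

if __name__ == "__main__":
    for number, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Access logs normally record only the request line, so this check covers the GET case; the POST and cookie cases handled by the vendor workaround need request-body or header logging to be visible.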