
Mantis Unauthorized Project Bug List Viewing Vulnerability

Solution:
The vendor has included a source code fix:

--- mantis-0.17.4a/view_all_bug_page.php Mon Aug 19 07:18:54 2002
+++ mantis-0.17.5/view_all_bug_page.php Fri Aug 23 11:57:50 2002
@@ -90,7 +90,7 @@
$result2 = db_query( $query2 );
$project_count = db_num_rows( $result2 );
if ( 0 == $project_count ) {
- $t_where_clause = " WHERE 1=1";
+ $t_where_clause = " WHERE 0=1";
} else {
$t_where_clause = " WHERE (";
for ($i=0;$i<$project_count;$i++) {
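Review bot: In the `0 == $project_count` branch, the new `$t_where_clause = " WHERE 0=1";` fails closed, but it does so through an unexplained always-false predicate. Add a comment on that line saying that a user with no accessible projects must get an empty bug list, so the constant is not "simplified" back later. If the clause goes on to be used in the bug query, consider skipping that query in this branch and rendering an empty list directly. The removed `" WHERE 1=1"` was a default-allow fallback, so any other code that builds a per-project WHERE clause from a project count should be checked for the same fallback.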

An updated version is available:


Mantis Mantis 0.17.0

Mantis Mantis 0.17.1

Mantis Mantis 0.17.2

Mantis Mantis 0.17.3

Mantis Mantis 0.17.4a

Mantis Mantis 0.17.4







 

Copyright 2009, SecurityFocus