diff options
author | miwi <miwi@FreeBSD.org> | 2008-12-07 06:00:53 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2008-12-07 06:00:53 +0800 |
commit | 8b9f3da7dc313d20e4168778bf05733811fe68ae (patch) | |
tree | f78d5b3b44d0fbfe18ce6e87691ef9f6f7010792 /security/vuxml | |
parent | 6e41ed759342b081eb29126016f55f7444980c5c (diff) | |
download | freebsd-ports-graphics-8b9f3da7dc313d20e4168778bf05733811fe68ae.tar.gz freebsd-ports-graphics-8b9f3da7dc313d20e4168778bf05733811fe68ae.tar.zst freebsd-ports-graphics-8b9f3da7dc313d20e4168778bf05733811fe68ae.zip |
- Document mantis - PHP Code Execution Vulnerability
PR: based on 129438
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2745f1a95fd..5d7e96dbe83 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="af2745c0-c3e0-11dd-a721-0030843d3802"> + <topic>mantis -- php code execution vulnerability</topic> + <affects> + <package> + <name>mantis</name> + <range><lt>1.1.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/32314/"> + <p>EgiX has discovered a vulnerability in Mantis, which can be + exploited by malicious users to compromise a vulnerable system.</p> + <p>Input passed to the "sort" parameter in manage_proj_page.php is not + properly sanitised before being used in a "create_function()" call. + This can be exploited to execute arbitrary PHP code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-4687</cvename> + <url>http://secunia.com/advisories/32314/</url> + </references> + <dates> + <discovery>2008-10-17</discovery> + <entry>2008-12-06</entry> + </dates> + </vuln> + <vuln vid="29255141-c3df-11dd-a721-0030843d3802"> <topic>mantis -- multiple vulnerabilities</topic> <affects> |