aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authormiwi <miwi@FreeBSD.org>2008-12-07 06:00:53 +0800
committermiwi <miwi@FreeBSD.org>2008-12-07 06:00:53 +0800
commit8b9f3da7dc313d20e4168778bf05733811fe68ae (patch)
treef78d5b3b44d0fbfe18ce6e87691ef9f6f7010792 /security/vuxml
parent6e41ed759342b081eb29126016f55f7444980c5c (diff)
downloadfreebsd-ports-graphics-8b9f3da7dc313d20e4168778bf05733811fe68ae.tar.gz
freebsd-ports-graphics-8b9f3da7dc313d20e4168778bf05733811fe68ae.tar.zst
freebsd-ports-graphics-8b9f3da7dc313d20e4168778bf05733811fe68ae.zip
- Document mantis - PHP Code Execution Vulnerability
PR: based on 129438 Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml30
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 2745f1a95fd..5d7e96dbe83 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="af2745c0-c3e0-11dd-a721-0030843d3802">
+ <topic>mantis -- php code execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>mantis</name>
+ <range><lt>1.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/32314/">
+ <p>EgiX has discovered a vulnerability in Mantis, which can be
+ exploited by malicious users to compromise a vulnerable system.</p>
+ <p>Input passed to the "sort" parameter in manage_proj_page.php is not
+ properly sanitised before being used in a "create_function()" call.
+ This can be exploited to execute arbitrary PHP code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-4687</cvename>
+ <url>http://secunia.com/advisories/32314/</url>
+ </references>
+ <dates>
+ <discovery>2008-10-17</discovery>
+ <entry>2008-12-06</entry>
+ </dates>
+ </vuln>
+
<vuln vid="29255141-c3df-11dd-a721-0030843d3802">
<topic>mantis -- multiple vulnerabilities</topic>
<affects>