CVE-2014-9280

Опубликовано: 08 дек. 2014

Источник: debian

Описание

The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mantis	removed			package
mantis	end-of-life		squeeze	package

Примечания

http://github.com/mantisbt/mantisbt/commit/599364b2
http://www.mantisbt.org/bugs/view.php?id=17875

Связанные уязвимости

CVE-2014-9280

ubuntu

около 11 лет назад

The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.

CVE-2014-9280

nvd

около 11 лет назад

The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.

GHSA-ffmq-g5qm-f3vf

github

больше 3 лет назад

The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.