mantis

• Author: Miklos Vajna
• Vulnerable: 1.1.2-1
• Unaffected: 1.1.4-1solaria1

EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the “sort” parameter in manage_proj_page.php is not properly sanitised before being used in a “create_function()” call. This can be exploited to execute arbitrary PHP code. Successful exploitation requires valid user credentials.

• Bug Tracker URL: http://bugs.frugalware.org/task/3411

CVEs:

• No CVE, see http://milw0rm.com/exploits/6768