MantisBT: master-1.3.x 17f9b94f

2017-08-01 07:00:04


Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC ( reported this
vulnerability, allowing an attacker to inject arbitrary code through
crafted form variables.

Sanitizing the database error message prior to output prevents the

Fixes 0023146

Backported from c73ae3d3d4dd4681489a9e697e8ade785e27cba5
mod - admin/install.php