MantisBT: master-2.5 c73ae3d3

2017-08-01 07:00:04

dregad

Fix XSS in install.php (CVE-2017-12061)

aLLy from ONSEC (https://twitter.com/IamSecurity) reported this
vulnerability, allowing an attacker to inject arbitrary code through
crafted form variables.

Sanitizing the database error message prior to output prevents the
attack.

Fixes 0023146
mod - admin/install.php