View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0019277 | mantisbt | security | public | 2015-01-27 04:50 | 2015-03-15 19:58 |

| Field | Value |
|---|---|
| Reporter | dregad |
| Assigned To | dregad |
| Priority | normal |
| Severity | major |
| Reproducibility | have not tried |
| Status | closed |
| Resolution | fixed |
| Product Version | 1.3.0-beta.1 |
| Target Version | 1.3.0-beta.2 |
| Fixed in Version | 1.3.0-beta.2 |
| Summary | 0019277: CVE-2014-9573: SQL Injection in manage_user_page.php |
| Description | This is a clone of 0017940 to track the vulnerability in 1.3.x branch |
| Additional Information | Advisory ID: HTB23243 Original report in 0017937 |
| Tags | No tags attached. |

MantisBT: master 7cc4539f 2014-12-27 07:34

Fix SQL injection in manage_user_page.php

This vulnerability (CVE-2014-9573) was reported by High-Tech Bridge Security Research Lab (https://www.htbridge.com/) in issue 0017937 (advisory ID HTB23243).

To avoid injection, the parameters we get from the cookie are now properly sanitized before being used in the SQL query.

Fixes 0017940

Affected Issues: 0017937, 0017940, 0019277

mod - manage_user_page.php