MantisBT: master-1.2.x 5571bcf9

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-1.2.x 2014-12-28 01:29 master-1.2.x 6d47c047
Affected Issues  0017937: MantisBT Security Vulnerability Notification (HTB23243)
 0017939: CVE-2014-9572: Improper Access Control in install.php
Changeset

Install: disable step 4 (additional config info)

This fixes a security issue allowing an attacker to access the
installation script and obtain database access credentials.

Since the offending install step does not seem to be doing anything
useful, the corresponding code block has been commented out.

This vulnerability (CVE-2014-9571) was reported by High-Tech Bridge
Security Research Lab (https://www.htbridge.com/) in issue 0017937
(advisory ID HTB23243).

Fixes 0017939
mod - admin/install.php Diff File