MantisBT: master 7cc4539f

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master 2014-12-27 07:34 master 75c87e67
Affected Issues  0017937: MantisBT Security Vulnerability Notification (HTB23243)
 0017940: CVE-2014-9573: SQL Injection in manage_user_page.php
 0019277: CVE-2014-9573: SQL Injection in manage_user_page.php
Changeset

Fix SQL injection in manage_user_page.php

This vulnerability (CVE-2014-9573) was reported by High-Tech Bridge
Security Research Lab (https://www.htbridge.com/) in issue 0017937
(advisory ID HTB23243).

To avoid injection, the parameters we get from the cookie are now
properly sanitized before being used in the SQL query.

Fixes 0017940
mod - manage_user_page.php Diff File