MantisBT: master f21b56fa

Author: dregad
Committer: dregad
Branch: master
Timestamp: 2017-05-13 14:45
Parent: master 2d541e98
Affected Issues  0022702: CVE-2017-7620: CSRF - Arbitrary Permalink Injection
Changeset

Add form security token to permalink_page.php

John Page aka hyp3rlinx / ApparitionSec http://hyp3rlinx.altervista.org
reported a CSRF vulnerability in permalink_page.php, allowing an
attacker to inject arbitrary links (CVE-2017-7620).

The security token prevents such injection.

Fixes 0022702

mod - core/filter_api.php
mod - permalink_page.php
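
The pattern the commit message names, a per-form security token checked before the page acts on the request, shown as an added PHP example that is not MantisBT's code. The function names, the `url` and `permalink_token` parameters, the session layout and the sample URLs are assumptions made for illustration.

```php
<?php
// Added illustration, not MantisBT code; all names here are hypothetical.

// Issue a random token bound to one form name and remember it in the session.
function issue_form_token(array &$session, string $form): string {
    $token = bin2hex(random_bytes(32));
    $session['form_tokens'][$form][] = $token;
    return $token;
}

// Accept a request only if it carries a token issued to this session for
// this form. Tokens are single-use: a matched token is removed.
function validate_form_token(array &$session, string $form, $submitted): bool {
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    foreach ($session['form_tokens'][$form] ?? [] as $i => $known) {
        if (hash_equals($known, $submitted)) {   // constant-time comparison
            unset($session['form_tokens'][$form][$i]);
            return true;
        }
    }
    return false;
}

// Handler shaped like a page that turns a submitted URL into a link.
// The token check runs before any request data is used.
function render_permalink(array &$session, array $request): string {
    if (!validate_form_token($session, 'permalink', $request['permalink_token'] ?? null)) {
        return 'HTTP 403: invalid form security token';
    }
    $raw = is_string($request['url'] ?? null) ? $request['url'] : '';
    $url = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $url . '">' . $url . '</a>';
}

// Constructed sample run.
$session = [];
$token = issue_form_token($session, 'permalink');
$own = ['url' => 'https://tracker.example/search.php?project_id=1', 'permalink_token' => $token];

// 1. Request from the application's own form: carries the session's token.
echo render_permalink($session, $own), "\n";
// 2. Request built on another site: it cannot read the session's token.
echo render_permalink($session, ['url' => 'https://other.example/', 'permalink_token' => 'guessed']), "\n";
// 3. Replay of the first request: the token was consumed, so it is refused.
echo render_permalink($session, $own), "\n";
```

Run with `php` on the command line: the first call prints the link and the other two print the 403 line.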