MantisBT: master fc7668c8

Author Committer Branch Timestamp Parent
atrol dregad master 2019-08-28 05:39:42 master-2.22 a7413daa
Affected Issues  0026091: CVE-2019-15715: [Admin Required - Post Authentication] Command Execution / Injection Vulnerability
Changeset

Prevent arbitrary shell command execution

Prior to this, Administrators were able to edit 'dot_tool' and
'neato_tool' config options from the Manage Configuration Page

These can now only be set in the config_inc.php file.

Fixes 0026091, CVE-2019-15715

Signed-off-by: Damien Regad <dregad@mantisbt.org>

Original commit message reworded, added CVE reference.

mod - config_defaults_inc.php Diff File