MantisBT: master-1.3.x 7092573f

Author Committer Branch Timestamp Parent
dregad dregad master-1.3.x 2019-09-21 12:10:24 master-1.3.x e593cdb2
Affected Issues  0026162: CVE-2019-15715: Command Execution / Injection Vulnerability
Changeset

Prevent arbitrary shell command execution

Prior to this, Administrators were able to edit 'dot_tool' and
'neato_tool' config options from the Manage Configuration Page

These can now only be set in the config_inc.php file.

Fixes 0026162, CVE-2019-15715

Backported from fc7668c8e45db55fc3a4b991ea99d2b80861a14c.

mod - config_defaults_inc.php Diff File