View Issue Details

IDProjectCategoryView StatusLast Update
0034466mantisbtsecuritypublic2024-06-10 01:37
Reportersintaq Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionno change required 
Summary0034466: Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution
Description

Below are CVEs referred, Would there be security release by MantisBT team? Or i need to rely on PHP's patch?

CVE-2024-1874: OS Command Injection
CVE-2024-2408: Observable discrepancy
CVE-2024-4577: OS Command Injection
CVE-2024-5458: Input validation error

TagsNo tags attached.

Activities

atrol

atrol

2024-06-10 01:37

developer   ~0068967

Or i need to rely on PHP's patch?

Right, the MantisBT installer does not include PHP

sintaq,

This is not a bug or feature request for MantisBT (you are asking for help on how to update your PHP version). I am therefore resolving this issue as "no change required".

Please use the forums to get support on customizing and using MantisBT (refer to https://mantisbt.org/support.php for links and further details).