Web application abuses : MantisBT <= 1.2.3 (db_type) Local File Inclusion Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100947

Categoría: Web application abuses

Título: MantisBT <= 1.2.3 (db_type) Local File Inclusion Vulnerability

Resumen: MantisBT is prone to a local file-include vulnerability because it fails; to properly sanitize user supplied input. MantisBT is also prone to a cross-site scripting (XSS) attack.

Descripción: Summary:
MantisBT is prone to a local file-include vulnerability because it fails
to properly sanitize user supplied input. MantisBT is also prone to a cross-site scripting (XSS) attack.

Vulnerability Insight:
Input passed through the 'db_type' parameter (GET & POST) to
upgrade_unattended.php script is not properly verified before being used to include files.

Solution:
No known solution was made available for at least one year since the
disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade
to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4348
42772
http://secunia.com/advisories/42772
51199
http://secunia.com/advisories/51199
ADV-2011-0002
http://www.vupen.com/english/advisories/2011/0002
FEDORA-2010-19070
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html
FEDORA-2010-19078
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html
GLSA-201211-01
http://security.gentoo.org/glsa/glsa-201211-01.xml
[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability
http://openwall.com/lists/oss-security/2010/12/15/4
[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability
http://openwall.com/lists/oss-security/2010/12/16/1
http://www.mantisbt.org/blog/?p=123
http://www.mantisbt.org/bugs/changelog_page.php?version_id=112
http://www.mantisbt.org/bugs/view.php?id=12607
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php
https://bugzilla.redhat.com/show_bug.cgi?id=663230
Common Vulnerability Exposure (CVE) ID: CVE-2010-4349
mantisbt-dbtype-path-disclosure(64463)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64463
Common Vulnerability Exposure (CVE) ID: CVE-2010-4350
[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
http://openwall.com/lists/oss-security/2010/12/15/5
[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
http://openwall.com/lists/oss-security/2010/12/16/2
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100947
Categoría:	Web application abuses
Título:	MantisBT <= 1.2.3 (db_type) Local File Inclusion Vulnerability
Resumen:	MantisBT is prone to a local file-include vulnerability because it fails; to properly sanitize user supplied input. MantisBT is also prone to a cross-site scripting (XSS) attack.
Descripción:	Summary: MantisBT is prone to a local file-include vulnerability because it fails to properly sanitize user supplied input. MantisBT is also prone to a cross-site scripting (XSS) attack. Vulnerability Insight: Input passed through the 'db_type' parameter (GET & POST) to upgrade_unattended.php script is not properly verified before being used to include files. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4348 42772 http://secunia.com/advisories/42772 51199 http://secunia.com/advisories/51199 ADV-2011-0002 http://www.vupen.com/english/advisories/2011/0002 FEDORA-2010-19070 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html FEDORA-2010-19078 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html GLSA-201211-01 http://security.gentoo.org/glsa/glsa-201211-01.xml [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability http://openwall.com/lists/oss-security/2010/12/15/4 [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability http://openwall.com/lists/oss-security/2010/12/16/1 http://www.mantisbt.org/blog/?p=123 http://www.mantisbt.org/bugs/changelog_page.php?version_id=112 http://www.mantisbt.org/bugs/view.php?id=12607 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php https://bugzilla.redhat.com/show_bug.cgi?id=663230 Common Vulnerability Exposure (CVE) ID: CVE-2010-4349 mantisbt-dbtype-path-disclosure(64463) https://exchange.xforce.ibmcloud.com/vulnerabilities/64463 Common Vulnerability Exposure (CVE) ID: CVE-2010-4350 [oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability http://openwall.com/lists/oss-security/2010/12/15/5 [oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability http://openwall.com/lists/oss-security/2010/12/16/2 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php
Copyright	Copyright (C) 2010 Greenbone AG