
Mantis < 1.1.2 account_prefs_update.php language Parameter Traversal Local File Inclusion

High

Synopsis

The remote web server hosts a PHP script that is affected by a directory traversal (local file inclusion) flaw.

Description

The remote host is running Mantis Bug Tracker.

The version of Mantis Bug Tracker installed on the remote host fails to validate user-supplied input to the 'language' parameter of the 'account_prefs_update.php' script before using it to build a file path that is then included. An attacker can exploit this to read arbitrary files on the local system, or to execute PHP code contained in files already present on the web server, by sending a 'language' value in which directory-traversal sequences (for example '../') precede the name of the target file.
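As an added illustration (this is not Mantis code and not part of the original advisory), the script below shows the two things a practitioner usually wants for a flaw of this kind: the allowlist check that neutralises a traversal payload in a 'language'-style parameter, and a detector that flags traversal attempts against 'account_prefs_update.php' in web-server access logs. The log lines, hosts and addresses are constructed; the Apache combined log format, the language allowlist and the function names are assumptions for the example. Web-server logs record only the query string, so a value delivered in a POST body has to be looked for in application or WAF logs instead.

```python
"""Allowlist validation and access-log detection for traversal in a
'language' parameter (added example; not Mantis code)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample in Apache combined log format (hypothetical hosts/IPs).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2008:12:00:01 +0000] "GET /mantis/account_prefs_update.php?language=english HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Mar/2008:12:00:07 +0000] "GET /mantis/account_prefs_update.php?language=../../../../../etc/passwd%00 HTTP/1.1" 200 2048 "-" "curl/7.18"
10.0.0.9 - - [10/Mar/2008:12:00:09 +0000] "GET /mantis/account_prefs_update.php?language=..%2f..%2f..%2fconfig_inc.php HTTP/1.1" 200 1024 "-" "curl/7.18"
10.0.0.9 - - [10/Mar/2008:12:00:12 +0000] "POST /mantis/account_prefs_update.php HTTP/1.1" 302 0 "-" "curl/7.18"
10.0.0.7 - - [10/Mar/2008:12:01:00 +0000] "GET /mantis/view_all_bug_page.php?language=../x HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Illustrative allowlist; a real deployment would use the application's
# own list of installed language names.
ALLOWED_LANGUAGES = frozenset({"english", "german", "french", "spanish", "italian"})
LANG_TOKEN = re.compile(r"[a-z_]+")

# Minimal parser for the combined log format: client IP, method, request target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(value, rounds=3):
    """Percent-decode until stable so double-encoded '..%252f' is seen as '../'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """Signature check: parent-directory hops or a NUL byte (used to cut off a
    suffix such as '.php' that the application appends)."""
    v = normalize(value).replace("\\", "/")
    return "../" in v or "\x00" in v


def is_allowed_language(value):
    """The preventive check: decode, then accept only an exact allowlist member.
    Anything else is rejected, so no path is ever built from attacker input."""
    v = normalize(value)
    return bool(LANG_TOKEN.fullmatch(v)) and v in ALLOWED_LANGUAGES


def language_values(target):
    """All 'language' values in the request target's query string (decoded once)."""
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get("language", [])


def scan_log(text):
    """Return one finding per suspicious 'language' value sent to
    account_prefs_update.php. POST bodies are not in the log, so a POST line
    yields no finding here even if it carried the payload."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if not urlsplit(target).path.endswith("account_prefs_update.php"):
            continue
        for value in language_values(target):
            if is_traversal(value):
                reason = "traversal"
            elif not is_allowed_language(value):
                reason = "not in allowlist"
            else:
                continue
            findings.append({
                "ip": m.group("ip"),
                "method": m.group("method"),
                "language": normalize(value),
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Run against the sample, the scan flags the two GET requests from 10.0.0.9 and ignores the same payload aimed at a different script; the allowlist function rejects every traversal form, including the URL-encoded and NUL-terminated ones.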

Solution

Upgrade to Mantis Bug Tracker version 1.1.2 or later.