MantisBT 1.2.13 - 1.2.16 'admin_config_report.php' SQLi

medium Nessus Plugin ID 80913

Synopsis

The remote web server contains a PHP application that is affected by a SQL injection vulnerability.

Description

According to its version number, the MantisBT application hosted on the remote web server is 1.2.13 or later but prior to 1.2.17. It is, therefore, affected by an input validation error related to the 'filter_config_id' parameter in the script 'admin_config_report.php', which could allow SQL injection attacks.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 1.2.17 or later.

See Also

https://mantisbt.org/blog/archives/mantisbt/288

http://www.nessus.org/u?1e65bcbf

https://seclists.org/oss-sec/2014/q1/490

http://mantisbt.domainunion.de/bugs/view.php?id=17055

Plugin Details

Severity: Medium

ID: 80913

File Name: mantis_1_2_17.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 1/22/2015

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:mantisbt:mantisbt

Required KB Items: installed_sw/MantisBT, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 3/4/2014

Vulnerability Publication Date: 2/28/2014

Reference Information

CVE: CVE-2014-2238

BID: 65903