FreeBSD : mantis -- php code execution vulnerability (af2745c0-c3e0-11dd-a721-0030843d3802)
High Nessus Plugin ID 35057
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Secunia reports:
EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system.
Input passed to the 'sort' parameter in manage_proj_page.php is not properly sanitised before being used in a 'create_function()' call.
This can be exploited to execute arbitrary PHP code.
Solution
Update the affected package.
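
The bug class described above, request input reaching the code string of a create_function() call, is avoided by letting the parameter only select from a fixed allowlist and by using a closure as the comparator. The following is an added illustration, not Mantis source code and not part of the plugin text; the column names, helper names (safe_sort_field, sort_rows) and sample rows are assumptions.

```php
<?php
// Added illustration, not Mantis source code. Column names and rows are constructed.

// Vulnerable shape (comment only): request input is spliced into the code
// string that create_function() compiles, so the value is parsed as PHP source.
//   $cmp = create_function('$a, $b',
//       'return strcasecmp($a["' . $_GET['sort'] . '"], $b["' . $_GET['sort'] . '"]);');

// Hardened shape: the request value only ever selects from a fixed allowlist,
// and the comparator is a closure, so no string is compiled as code.
const ALLOWED_SORT_FIELDS = ['name', 'status', 'view_state'];

function safe_sort_field($requested, $default = 'name')
{
    // Strict comparison rejects arrays, integers and anything not listed verbatim.
    return in_array($requested, ALLOWED_SORT_FIELDS, true) ? $requested : $default;
}

function sort_rows(array $rows, $requested_field, $ascending = true)
{
    $field = safe_sort_field($requested_field);
    usort($rows, function ($a, $b) use ($field, $ascending) {
        $cmp = strcasecmp((string) $a[$field], (string) $b[$field]);
        return $ascending ? $cmp : -$cmp;
    });
    return $rows;
}

// Constructed sample data.
$rows = [
    ['name' => 'beta',  'status' => 'stable',      'view_state' => 'public'],
    ['name' => 'Alpha', 'status' => 'development', 'view_state' => 'private'],
];

// A listed field sorts by that field; an unlisted value falls back to 'name'.
foreach (['status', 'no_such_column'] as $input) {
    $names = array_column(sort_rows($rows, $input), 'name');
    echo $input, ' => ', safe_sort_field($input), ': ', implode(', ', $names), PHP_EOL;
}
```

create_function() was deprecated in PHP 7.2 and removed in PHP 8.0, so a search of a code base for remaining calls is a useful audit step on older installations.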