MantisBT 1.2.13 < 1.2.17 SQLi
Severity: Medium
Nessus Network Monitor Plugin ID: 8901
Synopsis
The remote web server is hosting a web application that is affected by an SQL injection vulnerability.
Description
The remote web server is hosting MantisBT, an open source bug tracking application written in PHP.
MantisBT versions from 1.2.13 up to, but not including, 1.2.17 are affected by an input validation error in the 'filter_config_id' parameter of the script 'admin_config_report.php', which could allow SQL injection attacks. An authenticated remote attacker may be able to inject or manipulate SQL queries in the back-end database, resulting in the manipulation or disclosure of arbitrary data.
Solution
Upgrade to MantisBT 1.2.17 or later.