
MantisBT 1.2.13 < 1.2.17 SQLi

Medium

Synopsis

The remote web server is hosting a web application that is affected by an SQL injection vulnerability.

Description

The remote web server is hosting MantisBT, an open source bug tracking application written in PHP.

MantisBT versions 1.2.13 and later, prior to 1.2.17, are affected by an input validation error in the 'filter_config_id' parameter of the script 'admin_config_report.php', which could allow SQL injection attacks. An authenticated remote attacker may be able to inject or manipulate SQL queries in the back-end database, resulting in the manipulation or disclosure of arbitrary data.

Solution

Upgrade to MantisBT 1.2.17 or later.