Vigil@nce: Mantis, several vulnerabilities
July 2008 by Vigil@nce
Several Mantis vulnerabilities can be used by an attacker to
obtain information or to execute code.
– Gravity: 2/4
– Consequences: privileged access/rights, user access/rights, client
access/rights, data reading
– Provenance: intranet client
– Means of attack: 4 attacks
– Ability of attacker: beginner (1/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 23/07/2008
– Identifier: VIGILANCE-VUL-7963
IMPACTED PRODUCTS
– Fedora [confidential versions]
– Unix - plateform
DESCRIPTION
The Mantis environment manages application bugs, using a MySQL
database and PHP generated web pages. It contains several
vulnerabilities.
An attacker with an administrator account can use the "value"
parameter of the adm_config_set.php script to execute PHP code on
the server. [grav:2/4; 0008976]
An attacker can create a Cross Site Request Forgery when an
administrator accepts to click on a special url. [grav:2/4;
0008975]
An attacker can modify his preferences in order to force a file
inclusion in PHP code. [grav:2/4; 0009154]
An authenticated attacker can use the "file_target" parameter of
the return_dynamic_filters.php script in order to create a Cross
Site Scripting attack. [grav:2/4; 0008974]
CHARACTERISTICS
– Identifiers: 0008974, 0008975, 0008976, 0009154, FEDORA-2008-6647,
FEDORA-2008-6657, VIGILANCE-VUL-7963
– Url: https://vigilance.aql.fr/tree/1/7963