Launchpad CVE tracker

CVE 2008-4687

manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.

Related bugs and status

CVE-2008-4687 (Candidate) is related to these bugs:

Bug #345988: security issues with manage_proj_page.php

Summary				In	Importance	Status
	345988	security issues with manage_proj_page.php		mantis (Ubuntu)	Undecided	Confirmed
	345988	security issues with manage_proj_page.php		mantis (Debian)	Unknown	Unknown

Bug #481631: mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit

		In	Importance	Status
481631	mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit	mantis (Ubuntu)	High	Fix Released
481631	mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit	mantis	Unknown	Fix Released
481631	mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit	mantis (Ubuntu Hardy)	High	Fix Released
481631	mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit	mantis (Ubuntu Intrepid)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008101...
CONFIRM: http://www.mantisbt.or...
CONFIRM: http://www.mantisbt.or...
CONFIRM: https://bugs.gentoo.or...
SECUNIA: 32314
GENTOO: GLSA-200812-07
SECUNIA: 32975
SREASON: 4470
BID: 31789
CONFIRM: http://mantisbt.svn.so...
XF: mantis-sort-code-execu...
EXPLOIT-DB: 6768
EXPLOIT-DB: 44611

Launchpad.net

CVE 2008-4687

Related bugs and status

Related bugs

References