Original vulnerability report by Net.Edit0r (<email address hidden>) from BlACK Hat Group [http://black-hg.org] is available at: http://packetstormsecurity.org/files/104149
MantisBT bug report for full details of the issue: http://www.mantisbt.org/bugs/view.php?id=13245
Please note that the second SQL injection vulnerability identified by Net.Edit0r is not reproducible (refer to the MantisBT bug report above for reasons why).
A patch for 1.2.6 is available at: https://github.com/mantisbt/mantisbt/commit/317f3db3a3c68775de3acf3b15f55b1e3c18f93b
MantisBT 1.2.7 is currently being packaged and will be available shortly through usual channels.
A CVE request and notice has been sent to <email address hidden>