oss-sec mailing list archives
Re: CVE request: PHP Object Injection in MantisBT filter API
From: cve-assign () mitre org
Date: Fri, 5 Dec 2014 10:37:22 -0500 (EST)
In the function current_user_get_bug_filter(), the code loads a variable from $_GET['filter']/$_POST['filter'] and if it's not numeric, feeds it straight into unserialize() allowing an attacker to inject a PHP object.
Use CVE-2014-9280.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
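
The pattern described in the message above, reduced to a stand-alone PHP sketch beside one hardened variant. This is an added example, not MantisBT code or its actual fix; the function names, the `Probe` class and the sample inputs are constructed for illustration, and the `allowed_classes` option assumes PHP 7.0 or later.

```php
<?php
// Added illustration, not MantisBT source; every name below is hypothetical.

final class Probe                 // constructed stand-in for any class with a magic method
{
    public static $woken = 0;
    public function __wakeup() { self::$woken++; }    // invoked by unserialize()
}

// Pattern from the report: a non-numeric request value goes straight to unserialize().
function filter_from_request_unsafe(array $request)
{
    $raw = $request['filter'] ?? '';
    return is_numeric($raw) ? (int) $raw : unserialize($raw);
}

// True if the decoded value holds an object or an incomplete-class placeholder at any depth.
function contains_object($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) { return true; }
        }
    }
    return false;
}

// Hardened variant: no class is instantiated, and input carrying any object is rejected.
function filter_from_request_safe(array $request)
{
    $raw = $request['filter'] ?? '';
    if (!is_string($raw)) { return null; }
    if (ctype_digit($raw)) { return (int) $raw; }
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return (is_array($data) && !contains_object($data)) ? $data : null;
}

// Constructed inputs: a plain filter array, and one with an object embedded in it.
$plain    = ['filter' => serialize(['status' => 10])];
$embedded = ['filter' => serialize(['status' => new Probe()])];

filter_from_request_unsafe($embedded);            // instantiates Probe, running __wakeup()
var_dump(Probe::$woken);                          // counter shows the magic method ran
var_dump(filter_from_request_safe($embedded));    // rejected without instantiating Probe
var_dump(filter_from_request_safe($plain));       // plain scalar/array data is accepted
```

Replacing the serialized format with `json_decode()` removes the object-instantiation path entirely, at the cost of migrating any stored or bookmarked filter strings.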
Current thread:
- CVE request: PHP Object Injection in MantisBT filter API Damien Regad (Nov 29)
- Re: CVE request: PHP Object Injection in MantisBT filter API cve-assign (Dec 05)