oss-sec mailing list archives

Re: CVE request: PHP Object Injection in MantisBT filter API

From: cve-assign () mitre org
Date: Fri, 5 Dec 2014 10:37:22 -0500 (EST)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the function current_user_get_bug_filter(), the code loads a variable
from $_GET['filter']/$_POST['filter'] and if it's not numeric, feeds it
straight into unserialize() allowing an attacker to inject a PHP object.


Use CVE-2014-9280.

- ---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEVAwUBVIHQnallVAevmvmsAQKGJgf+OKpsaxKCv2/tLY55l9EqJWyq4XJ6w7et
xxB8XG1nBtz87UzPqFOznjbdMn1MIQRSGAzxPaQNe8EF0fMxDErTivNeMrRcVdlP
TEwQS6YQr0UdJpBH0ngpUrC63fBDkHX5c2mdbUE3rniSjj4pReQS4B8EcLFaTG/z
B/ZerfEiOSI8xk3O5fnMcZ4ryDQLB6fUyLamcXDVDJi74R0Ah8God8pJiZQN4y+W
Jsle18GcUvobf8eEO+FIbAZ6mcTtSqxESSr0e3+4rl6j8rZofMtXfP+wgm94lINJ
asyqDE//Yg2uASsB896SGMwVE642DP1KllxHEs1zMt5Mo+12N171WA==
=+kx+
-----END PGP SIGNATURE-----

Current thread:

CVE request: PHP Object Injection in MantisBT filter API Damien Regad (Nov 29)
- Re: CVE request: PHP Object Injection in MantisBT filter API cve-assign (Dec 05)