MantisBT - ATutor
View Issue Details
0003756  ATutor  Documentation  public  2009-05-27 10:45  2009-07-21 08:50
cindy 
cindy 
normal  minor  always
closed  fixed
1.6.2 
1.6.3 
SVN
0003756: "p" parameter on documentation/index.php is not verified
Input passed to the "p" parameter in documentation/index.php is not
properly verified before being linked into the frameset, which can be
used to conduct spoofing or phishing attacks.
No tags attached.
Issue History
2009-05-27 10:45  cindy  New Issue
2009-05-27 10:45  cindy  Affects version  => SVN
2009-05-27 10:47  cindy  Status  new => resolved
2009-05-27 10:47  cindy  Fixed in Version  => 1.6.2
2009-05-27 10:47  cindy  Resolution  open => fixed
2009-05-27 10:47  cindy  Assigned To  => cindy
2009-05-27 10:47  cindy  Note Added: 0003528
2009-06-12 09:31  greg  Status  resolved => new
2009-06-12 09:33  greg  Status  new => resolved
2009-06-12 09:33  greg  Fixed in Version  1.6.2 => 1.6.3
2009-07-21 08:50  greg  Status  resolved => closed

Notes
(0003528)
cindy   
2009-05-27 10:47   
SVN revision: 8490

Affected script: documentation/index.php
Solution: restrict "p" parameter to access only the scripts in current folder.

Patch 0000024 is issued for the fix.
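
One way to apply the stated solution (restricting "p" to scripts in the current folder), as an added PHP example that is not the ATutor patch or any code from this issue. The function name `frame_target`, the default page `introduction.php` and the allowed extensions are assumptions made for illustration.

```php
<?php
// Added example, not the ATutor patch. frame_target(), the default page
// and the extension list are hypothetical names chosen for illustration.
function frame_target(?string $p, string $dir, string $default = 'introduction.php'): string
{
    // Accept a bare file name only: this rejects schemes, hosts, slashes,
    // backslashes, "..", NUL bytes and the empty string in one check.
    if ($p === null || !preg_match('/\A[A-Za-z0-9_-]+\.(?:php|html)\z/', $p)) {
        return $default;
    }
    // The name must resolve to a regular file directly inside $dir
    // (realpath() also follows symlinks that point out of the folder).
    $base = realpath($dir);
    $real = realpath($dir . DIRECTORY_SEPARATOR . $p);
    if ($base === false || $real === false || !is_file($real) || dirname($real) !== $base) {
        return $default;
    }
    return $p;
}

// Constructed demo: a temporary folder standing in for documentation/.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'doc_demo_' . getmypid();
mkdir($dir);
touch($dir . DIRECTORY_SEPARATOR . 'introduction.php');
touch($dir . DIRECTORY_SEPARATOR . 'install.php');

$samples = [
    'install.php',                 // sibling script in the same folder
    'http://example.invalid/x',    // absolute URL
    '//example.invalid/login.php', // protocol-relative URL
    '../index.php',                // parent folder
    'missing.php',                 // well-formed name, no such file
];
foreach ($samples as $p) {
    // Encode on output as well, so the value is safe inside the attribute.
    $src = htmlspecialchars(frame_target($p, $dir), ENT_QUOTES, 'UTF-8');
    printf("%-30s -> <frame src=\"%s\">\n", $p, $src);
}
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*'));
rmdir($dir);
```

Falling back to a fixed default, rather than echoing the rejected value, keeps request-supplied text out of the frameset markup entirely.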