MantisBT

View Issue Details
ID: 0003756
Project: ATutor
Category: Documentation
View Status: public
Date Submitted: 2009-05-27 10:45
Last Update: 2009-07-21 08:50
Reporter: cindy
Assigned To: cindy
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.6.2
Target Version:
Fixed in Version: 1.6.3
Summary: 0003756: "p" parameter on documentation/index.php is not verified
Description: Input passed to the "p" parameter in documentation/index.php is not
properly verified before being linked into the frameset, which can be
used to conduct spoofing or phishing attacks.
Tags: No tags attached.
Affects version: SVN
SVN Revision#:
Attached Files

- Relationships

-  Notes
(0003528)
cindy (administrator)
2009-05-27 10:47

SVN revision: 8490

Affected script: documentation/index.php
Solution: restrict "p" parameter to access only the scripts in current folder.

Patch 0000024 is issued for the fix.
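
The fix described in the note above, restricting "p" to scripts in the current folder, could look like the following. This is an added example, not ATutor's patch or code from this tracker; the function name resolve_frame_page, the default page name, the frame markup and the sample file names are assumptions.

```php
<?php
// Added illustration, not ATutor's code; all names here are hypothetical.

// Return $p only if it is a plain file name that exists directly inside
// $docDir; otherwise fall back to $default.
function resolve_frame_page($p, $docDir, $default = 'introduction.html')
{
    // Arrays (?p[]=x), empty values and non-strings are never valid.
    if (!is_string($p) || $p === '') {
        return $default;
    }
    // Plain file name only: no scheme, host, slash, backslash, leading dot
    // or NUL byte, and only the extensions the documentation folder serves.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\.(?:php|html)\z/', $p)) {
        return $default;
    }
    // The resolved path must sit directly in the folder (catches symlinks).
    $base = realpath($docDir);
    $full = realpath($docDir . DIRECTORY_SEPARATOR . $p);
    if ($base === false || $full === false
        || dirname($full) !== $base || !is_file($full)) {
        return $default;
    }
    return $p;
}

// Constructed demo folder and inputs.
$docDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'doc_demo_' . getmypid();
mkdir($docDir);
touch($docDir . '/introduction.html');
touch($docDir . '/installation.php');

$samples = array(
    'installation.php',                   // accepted: file in the folder
    'http://example.invalid/login.html',  // rejected: external URL
    '//example.invalid/login.html',       // rejected: scheme-relative URL
    '../config.php',                      // rejected: parent folder
    array('x'),                           // rejected: not a string
);
foreach ($samples as $p) {
    $src = resolve_frame_page($p, $docDir);
    // Escape on output even though the value was validated.
    echo '<frame src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '" name="body" />' . "\n";
}

array_map('unlink', glob($docDir . '/*'));
rmdir($docDir);
```

Only the first sample keeps its own value as the frame source; every other input falls back to the default page, so the frameset never loads content from outside the documentation folder.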

- Issue History
Date Modified Username Field Change
2009-05-27 10:45 cindy New Issue
2009-05-27 10:45 cindy Affects version => SVN
2009-05-27 10:47 cindy Status new => resolved
2009-05-27 10:47 cindy Fixed in Version => 1.6.2
2009-05-27 10:47 cindy Resolution open => fixed
2009-05-27 10:47 cindy Assigned To => cindy
2009-05-27 10:47 cindy Note Added: 0003528
2009-06-12 09:31 greg Status resolved => new
2009-06-12 09:33 greg Status new => resolved
2009-06-12 09:33 greg Fixed in Version 1.6.2 => 1.6.3
2009-07-21 08:50 greg Status resolved => closed

