FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mantis -- "t_core_path" file inclusion vulnerability

Affected packages
mantis < 1.0.0rc3

Details

VuXML ID 82a41084-6ce7-11da-b90c-000e0c2e438a
Discovery 2005-10-26
Entry 2005-12-14

Secunia Research reports:

Input passed to the "t_core_path" parameter in "bug_sponsorship_list_view_inc.php" isn't properly verified, before it used to include files. This can be exploited to include arbitrary files from external and local resources.

[source]

References

CVE Name CVE-2005-3335
URL http://secunia.com/secunia_research/2005-46/advisory/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.