Mantis Bug Tracker

ID: 0000013
Project: LnBlog
Category: [All Projects] Vulnerability
View Status: public
Date Submitted: 2010-12-13 23:36
Last Update: 2010-12-17 10:48
Reporter: pageer
Assigned To: pageer
Priority: high
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 0.9.0
Target Version: 1.0.0
Fixed in Version: 1.0.0
Summary: 0000013: Directory traversal vulnerability
Description: There is a directory traversal vulnerability in the showblog.php page. For details see:
http://www.securityfocus.com/bid/31459

Graciously reported (ages ago) by Ivar Lazarev.
Tags: No tags attached.
Attached Files:

- Relationships
related to 0000014 (assigned, pageer): Code uses include_path to find config and other files

-  Notes
(0000015)
Source Control (developer)
2010-12-13 23:56

Changeset 74:cda1ff9a7385 by Peter Geer, Mon Dec 13 23:56:34 2010 -0500
Fixed bug 0000013 - removed dependence on include_path in favor of a white-list of directories.
pages/showblog.php

- Issue History
Date Modified | Username | Field | Change
2010-12-13 23:36 | pageer | New Issue |
2010-12-13 23:36 | pageer | Status | new => assigned
2010-12-13 23:36 | pageer | Assigned To | => pageer
2010-12-13 23:56 | Source Control | Checkin |
2010-12-13 23:56 | Source Control | Note Added: 0000015 |
2010-12-13 23:56 | Source Control | Status | assigned => resolved
2010-12-13 23:56 | Source Control | Resolution | open => fixed
2010-12-17 10:42 | pageer | Relationship added | related to 0000014
2010-12-17 10:48 | pageer | Fixed in Version | => 1.0.0

