CVE-2017-12419

If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
References
Link Resource
https://mantisbt.org/bugs/view.php?id=23173 Vendor Advisory
http://openwall.com/lists/oss-security/2017/08/04/6 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/100142 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mantisbt:mantisbt:2.5.2:*:*:*:*:*:*:*
OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*

Information

Published : 2017-08-05 08:29

Updated : 2017-08-09 12:33


NVD link : CVE-2017-12419

Mitre link : CVE-2017-12419


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

mariadb

  • mariadb

mysql

  • mysql

mantisbt

  • mantisbt