CVE-2011-3357

Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297 Exploit Patch
http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html Exploit
http://secunia.com/advisories/45961 Vendor Advisory
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://securityreason.com/securityalert/8392
http://www.debian.org/security/2011/dsa-2308
http://www.mantisbt.org/bugs/view.php?id=13281 Exploit
http://www.openwall.com/lists/oss-security/2011/09/04/1 Exploit
http://www.openwall.com/lists/oss-security/2011/09/04/2
http://www.openwall.com/lists/oss-security/2011/09/09/9 Exploit
http://www.securityfocus.com/archive/1/519547/100/0/threaded
http://www.securityfocus.com/bid/49448
https://bugzilla.redhat.com/show_bug.cgi?id=735514 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/69588
https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d Patch
https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f Patch
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297 Exploit Patch
http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html Exploit
http://secunia.com/advisories/45961 Vendor Advisory
http://secunia.com/advisories/51199
http://security.gentoo.org/glsa/glsa-201211-01.xml
http://securityreason.com/securityalert/8392
http://www.debian.org/security/2011/dsa-2308
http://www.mantisbt.org/bugs/view.php?id=13281 Exploit
http://www.openwall.com/lists/oss-security/2011/09/04/1 Exploit
http://www.openwall.com/lists/oss-security/2011/09/04/2
http://www.openwall.com/lists/oss-security/2011/09/09/9 Exploit
http://www.securityfocus.com/archive/1/519547/100/0/threaded
http://www.securityfocus.com/bid/49448
https://bugzilla.redhat.com/show_bug.cgi?id=735514 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/69588
https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d Patch
https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f Patch
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html Exploit
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*

History

21 Nov 2024, 01:30

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297 - Exploit, Patch () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297 - Exploit, Patch
References () http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html - Exploit () http://lists.debian.org/debian-security-tracker/2011/09/msg00012.html - Exploit
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html - Exploit () http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066061.html - Exploit
References () http://secunia.com/advisories/45961 - Vendor Advisory () http://secunia.com/advisories/45961 - Vendor Advisory
References () http://secunia.com/advisories/51199 - () http://secunia.com/advisories/51199 -
References () http://security.gentoo.org/glsa/glsa-201211-01.xml - () http://security.gentoo.org/glsa/glsa-201211-01.xml -
References () http://securityreason.com/securityalert/8392 - () http://securityreason.com/securityalert/8392 -
References () http://www.debian.org/security/2011/dsa-2308 - () http://www.debian.org/security/2011/dsa-2308 -
References () http://www.mantisbt.org/bugs/view.php?id=13281 - Exploit () http://www.mantisbt.org/bugs/view.php?id=13281 - Exploit
References () http://www.openwall.com/lists/oss-security/2011/09/04/1 - Exploit () http://www.openwall.com/lists/oss-security/2011/09/04/1 - Exploit
References () http://www.openwall.com/lists/oss-security/2011/09/04/2 - () http://www.openwall.com/lists/oss-security/2011/09/04/2 -
References () http://www.openwall.com/lists/oss-security/2011/09/09/9 - Exploit () http://www.openwall.com/lists/oss-security/2011/09/09/9 - Exploit
References () http://www.securityfocus.com/archive/1/519547/100/0/threaded - () http://www.securityfocus.com/archive/1/519547/100/0/threaded -
References () http://www.securityfocus.com/bid/49448 - () http://www.securityfocus.com/bid/49448 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=735514 - Exploit, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=735514 - Exploit, Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/69588 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/69588 -
References () https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d - Patch () https://github.com/mantisbt/mantisbt/commit/5b93161f3ece2f73410c296fed8522f6475d273d - Patch
References () https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f - Patch () https://github.com/mantisbt/mantisbt/commit/6ede60d3db9e202044f135001589cce941ff6f0f - Patch
References () https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html - Exploit () https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html - Exploit

Information

Published : 2011-09-21 16:55

Updated : 2024-11-21 01:30


NVD link : CVE-2011-3357

Mitre link : CVE-2011-3357

CVE.ORG link : CVE-2011-3357


JSON object : View

Products Affected

mantisbt

  • mantisbt
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')