SiT! Bugs

ID: 0000869
Project: SiT!
Category: Skills
View Status: public
Date Submitted: 2009-08-15 15:53
Last Update: 2009-08-16 14:39
Reporter: ivan
Assigned To: ivan
Priority: urgent
Severity: block
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version:
Target Version: 3.50
Fixed in Version: 3.50
Summary: 0000869: edit_user_skills.php does not properly sanitise input
Description: edit_user_skills.php does not properly sanitise input.

This potentially allows somebody to insert random data into (or worse, remove it from) the database. The user would have to first authenticate and have 'Manage user skills' permission to exploit this.
Tags: security
Attached Files

- Relationships

-  Notes
(0001550)
ivan (administrator)
2009-08-15 16:14

Fixed in trunk svn r5767 & r5768

(0001671)
ivan (administrator)
2009-08-16 14:39

Released in 3.50rc1

- Issue History
Date Modified Username Field Change
2009-08-15 15:53 ivan New Issue
2009-08-15 15:53 ivan Tag Attached: security
2009-08-15 15:53 ivan Target Version => 3.50
2009-08-15 15:56 ivan Status new => confirmed
2009-08-15 15:57 ivan Status confirmed => assigned
2009-08-15 15:57 ivan Assigned To => ivan
2009-08-15 16:14 ivan Note Added: 0001550
2009-08-15 16:14 ivan Status assigned => resolved
2009-08-15 16:14 ivan Fixed in Version => Current SVN
2009-08-15 16:14 ivan Resolution open => fixed
2009-08-16 13:15 ivan Fixed in Version Current SVN => 3.50
2009-08-16 14:39 ivan Note Added: 0001671
2009-08-16 14:39 ivan Status resolved => closed