J-Security Center

Title: Mantis Configuration Remote File Include Command Execution Vulnerability

Severity: HIGH

Description:

Mantis is a web-based bug tracking system. It is written in PHP and back-ended by a MySQL database.

Mantis depends on a set of include files for the configuration of the bug tracking system. The paths to all the included configuration-related files are specified in the config_inc2.php script, and may be overridden in the config_inc.php script. However, attackers may influence the variables that hold the path to the included files, and can specify an arbitrary path, either to a local file or to a file on a remote server.
This may be accomplished via a request to any of the Mantis scripts that include external files to pull in configuration-related information. It is also possible to exploit this issue via a maliciously crafted cookie.

Attackers may use this to include PHP files located on remote servers. Execution of arbitrary commands with the privileges of the webserver is the result of successful exploitation. Additionally, this vulnerability may be exploited to disclose the contents of arbitrary webserver readable files.
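The following is an added illustration of the pattern the advisory describes, not Mantis code: a configuration path variable that request data or a cookie can overwrite before it reaches include(), next to a hardened version that keeps the path fixed and allowlists the file name. The variable names ($g_config_path, CONFIG_DIR) and the two file names are hypothetical; the php.ini directives named in the comments are real PHP settings.

```php
<?php
// Added example, not from Mantis. Hypothetical names: $g_config_path, CONFIG_DIR.

// Vulnerable pattern: the include path is a plain variable that can be seeded
// from request data or a cookie (register_globals, or an explicit override)
// before the configuration files are loaded. Returns the path include() would see.
function vulnerable_config_path(array $request, array $cookie): string
{
    $g_config_path = './config/';            // default the config script would set
    if (isset($request['g_config_path'])) {  // attacker-controlled sources win
        $g_config_path = $request['g_config_path'];
    } elseif (isset($cookie['g_config_path'])) {
        $g_config_path = $cookie['g_config_path'];
    }
    // Any string, including a URL to a remote host, is handed to include().
    return $g_config_path . 'config_inc.php';
}

// Hardened pattern: the directory is a constant, never read from the request,
// and the file name must be on an allowlist and resolve inside that directory.
define('CONFIG_DIR', __DIR__ . '/config');

function hardened_config_path(string $name): string
{
    $allowed = ['config_inc.php', 'config_inc2.php'];
    if (!in_array($name, $allowed, true)) {
        throw new RuntimeException('refusing to include unexpected config file');
    }
    $base = realpath(CONFIG_DIR);
    $path = realpath(CONFIG_DIR . '/' . $name);
    // realpath() is false for a missing file; also reject anything that resolved
    // outside CONFIG_DIR through a symlink or traversal.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('config file missing or outside CONFIG_DIR');
    }
    return $path;
}

// Defence in depth in php.ini, independent of application code:
//   register_globals = Off      (stops request/cookie values becoming variables)
//   allow_url_fopen  = Off      (PHP < 5.2: no remote files in include())
//   allow_url_include = Off     (PHP >= 5.2: same, without disabling url fopen)
```

For detection, web server logs where a configuration-path parameter or cookie carries a scheme prefix (http://, ftp://) or directory traversal sequences are the signal to look for; the hardened function above throws on any such value instead of including it.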

Affected Products:

  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Mantis Mantis 0.17.0 .0
  • Mantis Mantis 0.17.1
  • Mantis Mantis 0.17.2
  • Mantis Mantis 0.17.3

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.