Test Kennung:	1.3.6.1.4.1.25623.1.0.62857
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: mantis
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: mantis CVE-2008-4687 manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4687 BugTraq ID: 31789 http://www.securityfocus.com/bid/31789 https://www.exploit-db.com/exploits/44611/ https://www.exploit-db.com/exploits/6768 http://www.gentoo.org/security/en/glsa/glsa-200812-07.xml http://www.openwall.com/lists/oss-security/2008/10/19/1 http://secunia.com/advisories/32314 http://secunia.com/advisories/32975 http://securityreason.com/securityalert/4470 XForce ISS Database: mantis-sort-code-execution(45942) https://exchange.xforce.ibmcloud.com/vulnerabilities/45942
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.