This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:SQL:INJ:GLOBAL-VAR
|
Severity |
Minor
|
Recommended |
No
|
Category |
HTTP
|
Keywords |
MySQL Global Variable Access
|
Release Date |
2008/03/07
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: MySQL Global Variable Access
This signature detects using MySQL global variables within an HTTP URI request. Such requests could indicate an SQL injection attempt.
Extended Description
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
Affected Products
- Mantisbt mantisbt 0.19.3
- Mantisbt mantisbt 0.19.4
- Mantisbt mantisbt 1.0.0
- Mantisbt mantisbt 1.0.1
- Mantisbt mantisbt 1.0.2
- Mantisbt mantisbt 1.0.3
- Mantisbt mantisbt 1.0.4
- Mantisbt mantisbt 1.0.5
- Mantisbt mantisbt 1.0.6
- Mantisbt mantisbt 1.0.7
- Mantisbt mantisbt 1.0.8
- Mantisbt mantisbt 1.1.0
- Mantisbt mantisbt 1.1.1
- Mantisbt mantisbt 1.1.2
- Mantisbt mantisbt 1.1.4
- Mantisbt mantisbt 1.1.5
- Mantisbt mantisbt 1.1.6
- Mantisbt mantisbt 1.1.7
- Mantisbt mantisbt 1.1.8
- Mantisbt mantisbt 1.2.0
- Mantisbt mantisbt 1.2.1
- Mantisbt mantisbt 1.2.2
- Mantisbt mantisbt 1.2.3
- Mantisbt mantisbt 1.2.4
- Mantisbt mantisbt 1.2.5
- Mantisbt mantisbt 1.2.6
References