FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mantis -- "t_core_path" file inclusion vulnerability

Affected packages
mantis < 1.0.0rc3

Details

VuXML ID 82a41084-6ce7-11da-b90c-000e0c2e438a
Discovery 2005-10-26
Entry 2005-12-14

Secunia Research reports:

Input passed to the "t_core_path" parameter in "bug_sponsorship_list_view_inc.php" isn't properly verified, before it used to include files. This can be exploited to include arbitrary files from external and local resources.

References

CVE Name CVE-2005-3335
URL http://secunia.com/secunia_research/2005-46/advisory/