CVE-2017-12419

If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
References
Link Resource
http://openwall.com/lists/oss-security/2017/08/04/6 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/100142 Third Party Advisory VDB Entry
https://mantisbt.org/bugs/view.php?id=23173 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mantisbt:mantisbt:2.5.2:*:*:*:*:*:*:*
OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-08-05 15:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-12419

Mitre link : CVE-2017-12419

CVE.ORG link : CVE-2017-12419


JSON object : View

Products Affected

mysql

  • mysql

mariadb

  • mariadb

mantisbt

  • mantisbt
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor