CVE-2017-12419

NameCVE-2017-12419
DescriptionIf, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mantis (PTS)wheezy1.2.18-1vulnerable
wheezy (security)1.2.18-1+deb7u1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mantissource(unstable)(unfixed)medium
mantissourcewheezy(unfixed)end-of-life

Notes

[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
https://mantisbt.org/bugs/view.php?id=23173

Search for package or bug name: Reporting problems