Vulnerability Description
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" section of the MantisBT Admin Guide), and the MySQL client has a local_infile setting enabled (in php.ini mysqli.allow_local_infile, or the MySQL client config file, depending on the PHP setup), an attacker may take advantage of MySQL's "connect file read" feature to remotely access files on the MantisBT server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mantisbt | Mantisbt | 2.5.2 |
| Mariadb | Mariadb | All versions |
| Mysql | Mysql | All versions |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2017/08/04/6Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/100142Third Party AdvisoryVDB Entry
- https://mantisbt.org/bugs/view.php?id=23173Vendor Advisory
- http://openwall.com/lists/oss-security/2017/08/04/6Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/100142Third Party AdvisoryVDB Entry
- https://mantisbt.org/bugs/view.php?id=23173Vendor Advisory
FAQ
What is CVE-2017-12419?
CVE-2017-12419 is a vulnerability with a CVSS score of 4.9 (MEDIUM). If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" secti...
How severe is CVE-2017-12419?
CVE-2017-12419 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12419?
Check the references section above for vendor advisories and patch information. Affected products include: Mantisbt Mantisbt, Mariadb Mariadb, Mysql Mysql.