Candidate: CVE-2011-3357
PublicDate: 2011-09-21 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3357
 http://www.mantisbt.org/bugs/view.php?id=13281
 http://www.openwall.com/lists/oss-security/2011/09/04/1
Description:
 Directory traversal vulnerability in bug_actiongroup_ext_page.php in
 MantisBT before 1.2.8 allows remote attackers to include and execute
 arbitrary local files via a .. (dot dot) in the action parameter, related
 to bug_actiongroup_page.php.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640297
 https://bugs.launchpad.net/bugs/848124
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mantis:
upstream_mantis: released (1.2.8-1)
hardy_mantis: ignored (reached end-of-life)
lucid_mantis: ignored (reached end-of-life)
maverick_mantis: ignored (reached end-of-life)
natty_mantis: released (1.1.8+dfsg-10squeeze2)
oneiric_mantis: released (1.2.8-1)
precise_mantis: released (1.2.8-1)
quantal_mantis: released (1.2.8-1)
raring_mantis: released (1.2.8-1)
saucy_mantis: released (1.2.8-1)
devel_mantis: DNE