Mantis Bug Tracker 1.1.1 Remote Code Execution - CVE-2008-2276

On March 14, 2008, the official Mantis Bug Tracker website published an advisory on a serious Remote Code Execution vulnerability (CVE-2008-2276) in the adm_config_set.php file of version 1.1.1. The bug was discovered and documented by Francesco “ascii” Ongaro and Antonio “s4tan” Parata of the USH team, who identified the unsafe use of the eval() function applied to unfiltered input. The bug was fixed in version 1.1.2 of the software, and the related fix was confirmed by maintainer “giallu” in the SVN repository. The advisory had wide resonance and was also referenced by Red Hat Bugzilla.