MantisBT - Forum
View Issue Details
0000427ForumApispublic2008-09-22 15:542008-09-22 15:54
Reporteradministrator 
Assigned Toadministrator 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version0.6.7 
Target Version0.6.8Fixed in Version0.6.8 
Summary0000427: Security issue on item_add
DescriptionThere is a security hole in the item_add procedure and in the post_item procedure.

User that do not get the privilege to create item on the forum can attach vote and some other stuff
Steps To Reproduce
Additional Information
TagsNo tags attached.
child of 0000424resolved administrator Add the item_add procedure to the apis package 
Attached Files
Issue History
2008-09-22 15:54administratorNew Issue
2008-09-22 15:54administratorStatusnew => assigned
2008-09-22 15:54administratorAssigned To => administrator
2008-09-22 15:54administratorRelationship addedchild of 0000424
2008-09-22 15:54administratorNote Added: 0001147
2008-09-22 15:54administratorStatusassigned => resolved
2008-09-22 15:54administratorFixed in Version => 0.6.8
2008-09-22 15:54administratorResolutionopen => fixed

Notes
(0001147)
administrator   
2008-09-22 15:54   
Fixed