MantisBT 1.2.9 Security Vulnerabilities
core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.
CVSS Score: 5.5 | EPSS Score: 0.004 | Published: 2012-11-16
The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request.
CVSS Score: 7.5 | EPSS Score: 0.037 | Published: 2012-06-17
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
CVSS Score: 3.6 | EPSS Score: 0.007 | Published: 2012-06-17

