Mantisbt: >> Mantisbt >> 1.2.10 Security Vulnerabilities
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.
CVSS Score
3.6
EPSS Score
0.007
Published
2012-06-17
Page 8