CVE-2012-2692

2012-06-16T23:41:41
ID CVE-2012-2692
Type cve
Reporter NVD
Modified 2013-08-26T23:24:18

Description

MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.