
CVE-2012-2692

2012-06-17 01:00:00
redhat
www.cve.org

AI Score: 6.1 Medium (Confidence: High)

EPSS: 0.003 Low (Percentile: 71.8%)

MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments.