8 matches found
CVE-2026-42070
Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...
Mantis Bug Tracker 安全漏洞
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a security vulnerability. This vulnerability stemmed from a lack of authorization checks in the file visibility function, allowing authenticated user...
PT-2026-39890
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description The mc issue update function allows users with update bug threshold access UPDATER to edit, change the view state, and modify time tracking on bugnotes belonging to other users...
CVE-2012-5523
CVE-2012-5523 affects MantisBT prior to 1.2.12. The issue is in the email_api.php component where email notification sending is not correctly handled for bugs with restricted visibility, enabling a remote authenticated user to gain access to sensitive information by adding a note before losing pe...
CVE-2012-1120
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnoteallowusereditdelete and deletebugthreshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes...
Code injection
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnoteallowusereditdelete and deletebugthreshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes...
CVE-2012-1120
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnoteallowusereditdelete and deletebugthreshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes...
CVE-2012-1120
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnoteallowusereditdelete and deletebugthreshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes...