2 matches found
Authentication Bypass by Primary Weakness
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the SOAP API due to improper type checking on the password parameter. An attacker can gain unauthorized access to user accounts by sending a crafted...
GHSA-PHRQ-PC6R-F6GH MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL
Mantis Bug Tracker instances running on MySQL and compatible databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion...