2 matches found
CVE-2025-62520
CVE-2025-62520 concerns MantisBT prior to 2.27.2. The issue arises from insufficient access checks in manage_config_columns_page.php, allowing any non-admin user with access to that page to use Copy From to retrieve the columns configuration from a private project they should not access. Affected...
CVE-2025-47776 MantisBT: Authentication bypass for some passwords due to PHP type juggling
Mantis Bug Tracker MantisBT is an open source issue tracker. Due to incorrect use of loose == instead of strict === comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instanc...