3 matches found
CVE-2026-34390 MantisBT: Privilege Escalation from Manager to Administrator
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand (manage_proj_user_add.php) allow users having manage_project_threshold access level (manager by default) to...
CVE-2026-34390
MantisBT before 2.28.2 is affected by a Privilege Escalation in ProjectUsersAddCommand (manage_proj_user_add.php). A user with manage_project_threshold (default manager) can forge a higher access_level value and grant project-level administrator rights to any user within a project they manage, by...
Access Control Bypass
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Access Control Bypass via insufficient access control checks in the ProjectUsersAddCommand process. An attacker can escalate their project-level privileges by submitting a forged higher...