2 matches found
CVE-2026-33052
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...
GHSA-68W5-W573-Q2R8 MantisBT Has Authorization Bypass in Global Profile Creation
MantisBT allows a low-privileged authenticated user having addprofilethreshold to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a valid profile creation request. Impact Authentication bypass Patches -...