Vulnerabilities

CVE-2012-1118

by Fred · 29/06/2012

The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports.

Date published : 2012-06-29

http://www.securityfocus.com/bid/52313

http://www.mantisbt.org/bugs/changelog_page.php?version_id=140

Similar

Tags: Cybersecurity Alert