Vulnerabilities

CVE-2012-5522

by Fred · 15/11/2012

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.

Date published : 2012-11-15

http://www.securityfocus.com/bid/56520

http://www.mantisbt.org/bugs/changelog_page.php?version_id=150

Similar

Tags: Cybersecurity Alert