Vulnerabilities

CVE-2012-5523

by Fred · 15/11/2012

core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug.

Date published : 2012-11-15

http://www.securityfocus.com/bid/56520

http://www.mantisbt.org/bugs/changelog_page.php?version_id=150

Similar

Tags: Cybersecurity Alert