Vulnerability
MantisBT through 2.3.0 via an empty confirm_hash value to verify.php allows arbitrary password reset and unauthenticated admin access.This leads to remote code execution.
Mitigation / Precaution
In order to patch this vulnerability, please install the official patch MantisBT made available for supported, vulnerable instances.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
