MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. This leads to remote code execution.
In order to patch this vulnerability, please install the official patch MantisBT made available for supported, vulnerable instances.
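To check whether an instance received such requests before it was patched, the web server access log can be searched for requests to verify.php whose confirm_hash parameter is present but empty. The following is an added example, not code from MantisBT or from the original advisory; it assumes Combined Log Format, and the log lines, paths, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Combined Log Format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /mantisbt/verify.php?confirm_hash= HTTP/1.1" 200 5120 "-" "curl/8.0"
198.51.100.4 - - [01/Jan/2024:10:05:40 +0000] "GET /mantisbt/verify.php?confirm_hash=Zk3xQ9aP HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:06:11 +0000] "GET /mantisbt/verify.php?x=1&confirm_hash HTTP/1.1" 200 5120 "-" "curl/8.0"
198.51.100.9 - - [01/Jan/2024:10:07:00 +0000] "GET /mantisbt/index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:08:30 +0000] "GET /mantisbt/verify.php?confirm_hash=%20 HTTP/1.1" 302 0 "-" "curl/8.0"
"""

# Client address, then the quoted request line: METHOD TARGET HTTP/x.y
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

def is_suspicious(target):
    """True if the request targets verify.php with an empty confirm_hash."""
    parts = urlsplit(target)
    if not parts.path.endswith("/verify.php"):
        return False
    # keep_blank_values keeps "confirm_hash=" and bare "confirm_hash".
    params = parse_qs(parts.query, keep_blank_values=True)
    values = params.get("confirm_hash")
    if values is None:
        return False
    # Conservative: whitespace-only values (e.g. %20) are flagged too.
    return any(v.strip() == "" for v in values)

def find_empty_hash_requests(log_text):
    """Return (ip, method, target) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_suspicious(m.group("target")):
            hits.append((m.group("ip"), m.group("method"), m.group("target")))
    return hits

if __name__ == "__main__":
    for ip, method, target in find_empty_hash_requests(SAMPLE_LOG):
        print(f"{ip} {method} {target}")
```

Parameters sent in a request body do not appear in access logs, so a clean result here does not rule out earlier exposure; review password changes on administrator accounts as well.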