CVE-2017-7615

By
Jijith Rajan
Published on
01 Oct 2021
Vulnerability

MantisBT through 2.3.0 via an empty confirm_hash value to verify.php allows arbitrary password reset and unauthenticated admin access.This leads to remote code execution.

Mitigation / Precaution

In order to patch this vulnerability, please install the official patch MantisBT made available for supported, vulnerable instances.


Written by
Jijith Rajan
Jijith Rajan
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days