Vulnerability: Unauthorized Status Changes in MantisBT

CVE-2012-5522 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:N

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.
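The failure mode described above, sketched as an added Python model; this is not MantisBT's code. All names, access levels and settings are constructed, and the coercion of a blank value to the lowest level is an assumption about how such a check goes wrong.

```python
# Illustrative model only: names and values are constructed, not MantisBT code.
DEFAULT_STATUS_THRESHOLD = 55  # assumed global default access level

# Constructed per-status settings; "" models a setting that was saved blank.
PER_STATUS_THRESHOLD = {
    "assigned": 55,
    "resolved": "",
    "closed": 70,
}


def _is_level(value):
    """True when a stored value is usable as a numeric access level."""
    if isinstance(value, bool):
        return False
    if isinstance(value, int):
        return True
    return isinstance(value, str) and value.strip().isdigit()


def can_set_status_flawed(user_level, status, per_status=PER_STATUS_THRESHOLD):
    """Flawed pattern: a blank entry is coerced to 0 instead of the default."""
    raw = per_status.get(status, DEFAULT_STATUS_THRESHOLD)
    required = int(raw or 0)  # "" becomes 0, so any authenticated user passes
    return user_level >= required


def effective_threshold(status, per_status=PER_STATUS_THRESHOLD,
                        default=DEFAULT_STATUS_THRESHOLD):
    """Hardened lookup: missing, blank or non-numeric values use the default."""
    raw = per_status.get(status)
    return int(raw) if _is_level(raw) else default


def can_set_status_fixed(user_level, status, per_status=PER_STATUS_THRESHOLD):
    """Authorize a status change against the effective (defaulted) threshold."""
    return user_level >= effective_threshold(status, per_status)


def audit_blank_thresholds(per_status=PER_STATUS_THRESHOLD):
    """List statuses whose stored threshold would not parse as a level."""
    return sorted(s for s, v in per_status.items() if not _is_level(v))
```

Running `audit_blank_thresholds()` against an exported configuration shows which statuses depended on the default and were therefore exposed by the flawed comparison.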
