Vulnerability: Unauthorized Status Changes in MantisBT
CVE-2012-5522 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:N
MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting.
Learn more about our User Device Pen Test.