CVE-2012-1120 in MantisBTinfo

Summary

The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

02/14/2012

Disclosure

06/29/2012

Moderation

VulDB entry created

Entries

1: VDB-61148

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

4.2

EPSS

0.00902

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-1120
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-1120
CVE Details	https://www.cvedetails.com/cve/CVE-2012-1120/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!