Mantisbt · Mantisbt · CVE-2018-6382
**Name of the Vulnerable Software and Affected Versions**
MantisBT version 2.10.0
**Description**
The issue allows local users to conduct SQL injection attacks via the `sql` parameter in a request to the `server.php` endpoint, which is accessible from the 127.0.0.1 IP address. The vendor disputes the significance of this report, stating that `server.php` is intended to execute arbitrary SQL statements on behalf of authenticated users from 127.0.0.1 and that the issue does not involve an authentication bypass.
**Recommendations**
For MantisBT version 2.10.0, consider restricting access to the `server.php` endpoint to minimize the risk of exploitation, as it is intended for authenticated users from 127.0.0.1. Additionally, avoid using the `sql` parameter in requests to this endpoint until the issue is resolved.
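As an added defender-side check (not code from MantisBT or the CVE record), the script below scans Apache combined-format access-log lines for requests to `server.php`: any request arriving from a non-loopback address means the 127.0.0.1 restriction the vendor relies on is not in effect, and loopback requests carrying the `sql` parameter (or POSTs, whose body is not logged) are reported for review. The log format, the `/mantisbt/` path prefix and the sample lines are assumptions constructed for this example.

```python
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Apache "combined" format: client IP, identd, user, [timestamp], "request", status, bytes, ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec

def classify(rec):
    # Only requests whose script name is server.php are of interest here.
    if rec["path"].rsplit("/", 1)[-1] != "server.php":
        return None
    try:
        from_loopback = ip_address(rec["ip"]).is_loopback
    except ValueError:
        from_loopback = False  # hostname or garbage in the IP field: treat as untrusted
    if not from_loopback:
        # Vendor position: server.php serves 127.0.0.1 only; any other source means the restriction is missing.
        return "server.php reached from non-loopback address"
    # Request bodies are not logged, so a POST may carry the sql parameter unseen.
    if "sql" in rec["params"] or rec["method"] == "POST":
        return "sql statement submitted to server.php from loopback (review)"
    return None

def scan(lines):
    findings = []
    for rec in filter(None, map(parse_line, lines)):
        label = classify(rec)
        if label:
            findings.append((rec["ip"], rec["method"], rec["path"], label))
    return findings

# Constructed sample lines, not taken from any real MantisBT deployment.
SAMPLE_LOG = [
    '127.0.0.1 - - [10/Feb/2018:10:00:01 +0000] "GET /mantisbt/server.php?sql=SELECT+1 HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    '192.0.2.7 - - [10/Feb/2018:10:00:05 +0000] "GET /mantisbt/server.php?sql=SELECT+1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [10/Feb/2018:10:00:09 +0000] "GET /mantisbt/view_all_bug_page.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [10/Feb/2018:10:00:12 +0000] "POST /mantisbt/server.php HTTP/1.1" 200 128 "-" "curl/7.58.0"',
]
```

Running `scan(SAMPLE_LOG)` yields three findings: the loopback GET with `sql`, the non-loopback GET (restriction not effective), and the loopback POST; the unrelated page request is ignored.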