CVE-2012-2692

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 1.2.11

Description The issue allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments due to a lack of permission check for delete attachments threshold when form security validation is set to OFF.

Recommendations For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue. As a temporary workaround, consider setting form security validation to ON to minimize the risk of exploitation. Restrict access to attachment deletion functionality to minimize the risk of unauthorized attachment deletion.