PT-2024-20110 · Mantisbt · Mantisbt

Pier-Luc Maltais · Published 2024-02-20 · Updated 2024-12-18 · CVE-2024-23830

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.26.1

Description: MantisBT is an open source issue tracker. An unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message.

Recommendations: For versions prior to 2.26.1, update to version 2.26.1 to resolve the issue. As a temporary workaround, define $g_path as appropriate in config_inc.php.
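The following PHP snippet is an added illustration of what the $g_path workaround buys a defender; it is not MantisBT code, and the function name, the $trusted_hosts allowlist and the sample host names are assumptions used for the demonstration.

```php
<?php
// Added illustration (not MantisBT code): a reset-mail link builder that takes
// its base URL from operator configuration instead of from the request.

// Hardened config_inc.php fragment: an absolute, operator-controlled base URL.
$g_path = 'https://bugs.example.org/';   // constructed sample value

// Build the base URL for links placed in outgoing mail.
// $configured_path: the value of $g_path, or null when the install relies on
// auto-detection. $server: the request environment ($_SERVER in production).
// $trusted_hosts: hypothetical allowlist used only for the fallback branch.
function mail_base_url(?string $configured_path, array $server, array $trusted_hosts): string
{
    if ($configured_path !== null && $configured_path !== '') {
        // Operator-defined value: request headers play no part in the link.
        return rtrim($configured_path, '/') . '/';
    }
    // Fallback when $g_path is unset: never accept the Host header blindly.
    $host = $server['HTTP_HOST'] ?? '';
    if (!in_array($host, $trusted_hosts, true)) {
        throw new RuntimeException("Refusing to build mail link for untrusted host '$host'");
    }
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    return "$scheme://$host/";
}

// Constructed request whose Host header does not match the real site.
$request = ['HTTP_HOST' => 'untrusted.example', 'HTTPS' => 'on'];
$trusted = ['bugs.example.org'];

// With $g_path set, the mailed link points at the real site regardless of Host.
echo mail_base_url($g_path, $request, $trusted), "RESET_PATH_PLACEHOLDER\n";

// With $g_path unset, the allowlist check refuses the request instead of
// silently mailing out a link built from the tampered header.
try {
    mail_base_url(null, $request, $trusted);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Setting $g_path makes the first branch the only one ever taken, which is why the advisory's workaround removes the request header from the equation entirely.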

Weakness Enumeration: Special Elements Injection

Related Identifiers

CVE-2024-23830
GHSA-MCQJ-7P29-9528

Affected Products

Mantisbt