Vulnerabilities > Mantisbt > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-20 | CVE-2024-23830 | Unspecified vulnerability in Mantisbt MantisBT is an open source issue tracker. | 8.3 |
| 2022-04-14 | CVE-2021-43257 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mantisbt Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | 7.8 |
| 2021-03-07 | CVE-2009-20001 | Insufficient Session Expiration vulnerability in Mantisbt An issue was discovered in MantisBT before 2.24.5. | 8.1 |
| 2020-12-30 | CVE-2020-35849 | Authorization Bypass Through User-Controlled Key vulnerability in Mantisbt An issue was discovered in MantisBT before 2.24.4. | 7.5 |
| 2019-10-09 | CVE-2019-15715 | OS Command Injection vulnerability in Mantisbt MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | 7.2 |
| 2017-09-12 | CVE-2014-9624 | Improper Authentication vulnerability in Mantisbt CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | 7.5 |
| 2017-04-16 | CVE-2017-7615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | 8.8 |