Skip to main content
CVE-2017-7615 HIGH POC PATCH THREAT Act Now

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.5%.

PHP Information Disclosure Mantisbt
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
92.5%
Threat
6.0

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy