MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
SQLi
Authentication Bypass
PHP
Mantisbt
NVD
CVSS 3.0
3.3
EPSS
0.5%