Tag
MantisBT instances running on MySQL are vulnerable to an authentication bypass in the SOAP API due to improper type checking on the password parameter, allowing attackers with a valid username to log in without the actual password.