John (hyp3rlinx) Page

1 exploit Active since Apr 2017
CVE-2017-7615 METASPLOIT HIGH ruby WORKING POC
MantisBT < 2.3.0 - Unauthenticated Arbitrary Password Reset via Empty Confirm Hash
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
CVSS 8.8