2017-04-16 14:45:00
mitre
PUBLISHED
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.