VYPR
High severity8.8NVD Advisory· Published Apr 16, 2017· Updated Jun 17, 2026

CVE-2017-7615

CVE-2017-7615

Description

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mantisbt/mantisbtPackagist
>= 1.3.0-rc.2, < 1.3.101.3.10
mantisbt/mantisbtPackagist
>= 2.0.0, < 2.2.42.2.4
mantisbt/mantisbtPackagist
>= 2.3.0, < 2.3.12.3.1

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.