CVE-2017-7615 | MantisBT up to 2.3.0 verify.php confirm_hash password recovery (ID 159219 / EDB-41890)
A vulnerability was found in MantisBT up to 2.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file verify.php. The manipulation of the argument confirm_hash leads to weak password recovery.
This vulnerability is known as CVE-2017-7615. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.