The largest open source vulnerability database
Good to know:
Date: June 29, 2012
The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes.
Weakness Type (CWE)
Permissions, Privileges, and Access ControlCWE-264
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||HIGH|