Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo
I noticed today that a user named 'VishalThakur' was able to edit
someone else's note on our tracker.
I'm not sure what the setting for $g_update_bugnote_threshold is on
mantisbt.org, but since by default the access level is Developer and I
don't think this guy has that role (or even anything above Reporter for
that matter), that probably means that there is a possibility (soap?)
for reporters to bypass security.
Just thought I'd bring this to your attention.