"Mantis (http://www.mantisbt.org/) is a free popular web-based bug tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver.". Multiple vulnerabilities exist in the Mantis software (XSS, CSRF, Remote Code Execution).

http://www.securiteam.com/unixfocus/5WP0N0AOAW.html