As I wrote moment ago, there is an SQL injection vulnerability in latest MantisBT.
Currently, because of a fast and great work of Developer Team, it is fixed.
You can check the details here and in public section of this blog.
Once again, big thanks to Developers Team!
Great job! :)