Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
DB Credentials leak in upgrade_unattended.php
Retrieve credentials from Mantis system configuration instead of accepting them from POST parameters. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Fixes #17877 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org>
- Loading branch information