Source Control Integration

Author	Committer	Branch	Timestamp	Parent
Paul Richards	dregad	master	2014-10-30 14:53	master a177faeb
Affected Issues	0017877: CVE-2014-9279: Db Credentials leak via unattended upgrade script
Changeset	DB Credentials leak in upgrade_unattended.php Retrieve credentials from Mantis system configuration instead of accepting them from POST parameters. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Fixes 0017877 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad dregad@mantisbt.org
Changeset	mod - admin/upgrade_unattended.php			Diff File