MantisBT: master 7c7c2ac7

Author: Paul Richards
Committer: dregad
Branch: master
Timestamp: 2014-10-30 14:53
Parent: master a177faeb
Affected Issues: 0017877: CVE-2014-9279: Db Credentials leak via unattended upgrade script
Changeset

DB Credentials leak in upgrade_unattended.php

Retrieve credentials from Mantis system configuration instead of
accepting them from POST parameters.

This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me)
as part of Offensive Security's bug bounty program [1].

Fixes 0017877

[1] http://www.offensive-security.com/bug-bounty-program/

Signed-off-by: Damien Regad <dregad@mantisbt.org>

mod - admin/upgrade_unattended.php