Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x prior to 1.3.0 allows remote malicious users to obtain sensitive master salt configuration information via a SOAP API request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mantisbt mantisbt 1.3.0 |