Input validation

Incomplete blacklist vulnerability in the configisprivate function in configapi.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request...