The process_bug.cgi script in Bugzilla allows remote malicious users to execute arbitrary commands via shell metacharacters.
mozilla bugzilla 2.8