Bugzilla 2.10 allows remote malicious users to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.

Vulnerable Product |
---|
mozilla bugzilla 2.4 |
mozilla bugzilla 2.6 |
mozilla bugzilla 2.8 |
mozilla bugzilla 2.10 |