post_bug.cgi in Bugzilla 2.10 up to and including 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.10 |
||
mozilla bugzilla 2.12 |
||
mozilla bugzilla 2.16 |
||
mozilla bugzilla 2.16.1 |
||
mozilla bugzilla 2.17.3 |
||
mozilla bugzilla 2.17.4 |
||
mozilla bugzilla 2.14.2 |
||
mozilla bugzilla 2.14.3 |
||
mozilla bugzilla 2.16.4 |
||
mozilla bugzilla 2.16.5 |
||
mozilla bugzilla 2.17.7 |
||
mozilla bugzilla 2.18 |
||
mozilla bugzilla 2.14 |
||
mozilla bugzilla 2.14.1 |
||
mozilla bugzilla 2.16.2 |
||
mozilla bugzilla 2.16.3 |
||
mozilla bugzilla 2.17.5 |
||
mozilla bugzilla 2.17.6 |
||
mozilla bugzilla 2.14.4 |
||
mozilla bugzilla 2.14.5 |
||
mozilla bugzilla 2.17 |
||
mozilla bugzilla 2.17.1 |
||
mozilla bugzilla 2.19.1 |
||
mozilla bugzilla 2.19.2 |