SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 up to and including 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.17.6 |
||
mozilla bugzilla 2.17.7 |
||
mozilla bugzilla 2.19 |
||
mozilla bugzilla 2.19.1 |
||
mozilla bugzilla 2.21.1 |
||
mozilla bugzilla 2.17.4 |
||
mozilla bugzilla 2.17.5 |
||
mozilla bugzilla 2.18 |
||
mozilla bugzilla 2.20 |
||
mozilla bugzilla 2.21 |
||
mozilla bugzilla 2.18.1 |
||
mozilla bugzilla 2.18.2 |
||
mozilla bugzilla 2.18.3 |
||
mozilla bugzilla 2.19.2 |
||
mozilla bugzilla 2.19.3 |
||
mozilla bugzilla 2.17.1 |
||
mozilla bugzilla 2.17.3 |
||
mozilla bugzilla 2.18.4 |