Bugzilla 2.16.10, 2.17 up to and including 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote malicious users to trigger a SQL error.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.18 |
||
mozilla bugzilla 2.18.1 |
||
mozilla bugzilla 2.18.2 |
||
mozilla bugzilla 2.17.6 |
||
mozilla bugzilla 2.17.7 |
||
mozilla bugzilla 2.20 |
||
mozilla bugzilla 2.16.10 |
||
mozilla bugzilla 2.17 |
||
mozilla bugzilla 2.18.3 |
||
mozilla bugzilla 2.18.4 |
||
mozilla bugzilla 2.17.4 |
||
mozilla bugzilla 2.17.5 |