The offer_account_by_email function in User.pm in the WebService for Bugzilla prior to 3.0.2, and 3.1.x prior to 3.1.2, does not check the value of the createemailregexp parameter, which allows remote malicious users to bypass intended restrictions on account creation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 3.1.1 |
||
mozilla bugzilla 3.0.1 |
||
mozilla bugzilla 3.1.0 |
||
mozilla bugzilla 3.0.0 |