Directory traversal vulnerability in importxml.pl in Bugzilla prior to 2.22.5, and 3.x prior to 3.0.5, when --attach_path is enabled, allows remote malicious users to read arbitrary files via an XML file with a .. (dot dot) in the data element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 3.1.3 |
||
mozilla bugzilla 3.1.1 |
||
mozilla bugzilla 3.1.2 |
||
mozilla bugzilla 2.22.3 |
||
mozilla bugzilla 2.23.2 |
||
mozilla bugzilla 2.22.1 |
||
mozilla bugzilla 2.23.4 |
||
mozilla bugzilla 2.23.3 |
||
mozilla bugzilla 2.23.1 |
||
mozilla bugzilla 2.22.2 |
||
mozilla bugzilla 2.6 |
||
mozilla bugzilla 3.1.4 |
||
mozilla bugzilla 2.4 |
||
mozilla bugzilla 2.8 |
||
mozilla bugzilla 3.0.2 |
||
mozilla bugzilla 2.23 |
||
mozilla bugzilla 2.9 |
||
mozilla bugzilla 2.22.4 |