CVE-2002-0010 in Bugzillainfo

Summary

Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Disclosure

01/31/2002

Moderation

VulDB entry created

Entries

1: VDB-17922

CPE

ready

CWE

CWE-89 (Confirmed)

CVSS

7.3

EPSS

0.03710

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2002-0010
NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0010
CVE Details	https://www.cvedetails.com/cve/CVE-2002-0010/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!