5.5

CVE-2006-0913

Exploit
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version2.17.1
MozillaBugzilla Version2.17.3
MozillaBugzilla Version2.17.4
MozillaBugzilla Version2.17.5
MozillaBugzilla Version2.17.6
MozillaBugzilla Version2.17.7
MozillaBugzilla Version2.18 Updaterc1
MozillaBugzilla Version2.18 Updaterc2
MozillaBugzilla Version2.18 Updaterc3
MozillaBugzilla Version2.18.1
MozillaBugzilla Version2.18.2
MozillaBugzilla Version2.18.3
MozillaBugzilla Version2.18.4
MozillaBugzilla Version2.19
MozillaBugzilla Version2.19.1
MozillaBugzilla Version2.19.2
MozillaBugzilla Version2.19.3
MozillaBugzilla Version2.20
MozillaBugzilla Version2.20 Updaterc1
MozillaBugzilla Version2.20 Updaterc2
MozillaBugzilla Version2.21
MozillaBugzilla Version2.21.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.02% 0.588
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18979
Vendor Advisory
http://www.osvdb.org/23378
http://www.securityfocus.com/archive/1/425584/100/0/threaded
http://www.securityfocus.com/bid/16738
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=312498
Patch
Vendor Advisory
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/24819