5.5

CVE-2006-0914

Exploit
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version2.16.10
MozillaBugzilla Version2.17
MozillaBugzilla Version2.17.4
MozillaBugzilla Version2.17.5
MozillaBugzilla Version2.17.6
MozillaBugzilla Version2.17.7
MozillaBugzilla Version2.18
MozillaBugzilla Version2.18 Updaterc1
MozillaBugzilla Version2.18 Updaterc2
MozillaBugzilla Version2.18.1
MozillaBugzilla Version2.18.2
MozillaBugzilla Version2.18.3
MozillaBugzilla Version2.18.4
MozillaBugzilla Version2.20 Updaterc1
MozillaBugzilla Version2.20 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.13% 0.622
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/archive/1/425584/100/0/threaded
http://www.vupen.com/english/advisories/2006/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=312498
Patch
Vendor Advisory
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42802