5.5

CVE-2006-0914

Exploit
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version2.16.10
MozillaBugzilla Version2.17
MozillaBugzilla Version2.17.4
MozillaBugzilla Version2.17.5
MozillaBugzilla Version2.17.6
MozillaBugzilla Version2.17.7
MozillaBugzilla Version2.18
MozillaBugzilla Version2.18 Updaterc1
MozillaBugzilla Version2.18 Updaterc2
MozillaBugzilla Version2.18.1
MozillaBugzilla Version2.18.2
MozillaBugzilla Version2.18.3
MozillaBugzilla Version2.18.4
MozillaBugzilla Version2.20 Updaterc1
MozillaBugzilla Version2.20 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.76% 0.709
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.