5

CVE-2007-4538

Exploit
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaBugzilla Version2.4
MozillaBugzilla Version2.6
MozillaBugzilla Version2.8
MozillaBugzilla Version2.9
MozillaBugzilla Version2.23.4
MozillaBugzilla Version3.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.92% 0.773
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/37203
http://secunia.com/advisories/26584
Patch
Vendor Advisory
http://secunia.com/advisories/26971
http://security.gentoo.org/glsa/glsa-200709-18.xml
http://www.bugzilla.org/security/2.20.4/
http://www.securityfocus.com/archive/1/477630/100/0/threaded
http://www.securityfocus.com/bid/25425
Patch
Exploit
http://www.securitytracker.com/id?1018604
http://www.vupen.com/english/advisories/2007/2977
https://bugzilla.mozilla.org/show_bug.cgi?id=386860
https://exchange.xforce.ibmcloud.com/vulnerabilities/36243