7.5
CVE-2007-5038
- EPSS 1.96%
- Veröffentlicht 24.09.2007 00:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.96% | 0.777 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://fedoranews.org/updates/FEDORA-2007-229.shtml
http://secunia.com/advisories/26848
http://secunia.com/advisories/26969
http://www.bugzilla.org/security/3.0.1/
http://www.securityfocus.com/archive/1/480077/100/0/threaded
http://www.securityfocus.com/bid/25725
http://www.securitytracker.com/id?1018719
http://www.vupen.com/english/advisories/2007/3200
https://bugzilla.mozilla.org/show_bug.cgi?id=395632
https://bugzilla.redhat.com/show_bug.cgi?id=299981
https://exchange.xforce.ibmcloud.com/vulnerabilities/36692