7.5

CVE-2007-5038

Exploit

EPSS 0.82%
Published 24.09.2007 00:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Bugzilla Version3.0.0

Mozilla ≫ Bugzilla Version3.0.1

Mozilla ≫ Bugzilla Version3.1.0

Mozilla ≫ Bugzilla Version3.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.82%	0.72

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://fedoranews.org/updates/FEDORA-2007-229.shtml

http://secunia.com/advisories/26848

Patch

Vendor Advisory

http://secunia.com/advisories/26969

http://www.bugzilla.org/security/3.0.1/

Patch

http://www.securityfocus.com/archive/1/480077/100/0/threaded

http://www.securityfocus.com/bid/25725

http://www.securitytracker.com/id?1018719

http://www.vupen.com/english/advisories/2007/3200

https://bugzilla.mozilla.org/show_bug.cgi?id=395632

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=299981

https://exchange.xforce.ibmcloud.com/vulnerabilities/36692

https://nvd.nist.gov/vuln/detail/CVE-2007-5038

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5038

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5038

EUVD