← back
CVE-2001-0329

CVE-2001-0329

EPSS 3.1%
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/19909unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.atstake.com/research/advisories/2001/a043001-1.txthttp://www.mozilla.org/projects/bugzilla/security2_12.htmlhttp://www.securityfocus.com/bid/1199