← back
CVE-2005-1564

CVE-2005-1564

EPSS 1.6%
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=111592031902962&w=2https://bugzilla.mozilla.org/show_bug.cgi?id=287109http://secunia.com/advisories/15338https://exchange.xforce.ibmcloud.com/vulnerabilities/42797http://www.bugzilla.org/security/2.16.8/http://www.osvdb.org/16426