CVE-2007-5038
CVE-2007-5038
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://fedoranews.org/updates/FEDORA-2007-229.shtmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=395632https://bugzilla.redhat.com/show_bug.cgi?id=299981http://secunia.com/advisories/26848http://secunia.com/advisories/26969https://exchange.xforce.ibmcloud.com/vulnerabilities/36692http://www.bugzilla.org/security/3.0.1/http://www.securityfocus.com/archive/1/480077/100/0/threadedhttp://www.securityfocus.com/bid/25725http://www.securitytracker.com/id?1018719http://www.vupen.com/english/advisories/2007/3200