Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.5
CVE Id CVE-2006-0913
Last Modified 07 Mar 2011 09:31:04
Published 28 Feb 2006 06:02:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0913

Summary

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.17.1

  • Mozilla Bugzilla 2.17.3

  • Mozilla Bugzilla 2.17.4

  • Mozilla Bugzilla 2.17.5

  • Mozilla Bugzilla 2.17.6

  • Mozilla Bugzilla 2.17.7

  • Mozilla Bugzilla 2.18

  • Mozilla Bugzilla 2.18.1

  • Mozilla Bugzilla 2.18.2

  • Mozilla Bugzilla 2.18.3

  • Mozilla Bugzilla 2.18.4

  • Mozilla Bugzilla 2.19

  • Mozilla Bugzilla 2.19.1

  • Mozilla Bugzilla 2.19.2

  • Mozilla Bugzilla 2.19.3

  • Mozilla Bugzilla 2.20

  • Mozilla Bugzilla 2.21

  • Mozilla Bugzilla 2.21.1


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=312498

XF - bugzilla-editparams-sql-injection(24819)

VUPEN - ADV-2006-0692

BID - 16738

BUGTRAQ - 20060221 [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4

SECUNIA - 18979

OSVDB - 23378


Last Updated: 27 May 2016 10:41:50