Summary
Bugzilla is prone to a cross-site request forgery (CSRF) vulnerability.
An attacker can exploit this issue to submit attachments in the context of the logged-in user.
This issue affects Bugzilla versions prior to 3.2.3 and 3.3.4.
Solution
The vendor released updates to address this issue. Please see http://www.bugzilla.org/ for more information.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-1213
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P