Mozilla Bugzilla 'Bug.search()' WebService Function SQL Injection Vulnerability Network Vulnerability

Summary

Bugzilla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following versions are affected: Bugzilla 3.3.2 through 3.4.1 Bugzilla 3.5

Solution

Updates are available. Please see the references for details.

References

http://www.bugzilla.org
http://www.bugzilla.org/security/3.0.8/
http://www.securityfocus.com/bid/36371
https://bugzilla.mozilla.org/show_bug.cgi?id=515191

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3125

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AdMentor Login Flaw
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
Apache Struts ClassLoader Manipulation Vulnerabilities
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability

Take action and discover your vulnerabilities