Mozilla Bugzilla 'Bug.search()' WebService Function SQL Injection Vulnerability Network Vulnerability

Summary

Bugzilla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following versions are affected: Bugzilla 3.3.2 through 3.4.1 Bugzilla 3.5

Solution

Updates are available. Please see the references for details.

References

http://www.bugzilla.org
http://www.bugzilla.org/security/3.0.8/
http://www.securityfocus.com/bid/36371
https://bugzilla.mozilla.org/show_bug.cgi?id=515191

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3125

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
admin.cgi overflow
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
Assesi 'bg' Parameter SQL Injection vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14

Take action and discover your vulnerabilities