Family: CGI abuses --> Category: infos
Bugzilla <= 2.18.1 / 2.19.3 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in Bugzilla <= 2.18.1 / 2.19.3
Detailed Explanation for this Vulnerability Test
The remote web server contains a CGI script that suffers from
information disclosure vulnerabilities.
According to its banner, the version of Bugzilla installed on the
remote host reportedly allows any user to change any flag on a bug,
even if they don't otherwise have access to the bug or rights to make
changes to it. In addition, a private bug summary may be visible to
users if MySQL replication is used on the backend database.
See also :
Upgrade to Bugzilla 2.18.2 / 2.20rc1 or later.
Medium / CVSS Base Score : 5
Click HERE for more information and discussions on this network vulnerability scan.