Family: CGI abuses --> Category: infos
Bugzilla Multiple Flaws (2) Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of bugzilla
Detailed Explanation for this Vulnerability Test
The remote web server contains a CGI application that suffers from
The remote Bugzilla bug tracking system, according to its version
number, is vulnerable to various flaws :
- An administrator may be able to execute arbitrary SQL commands on
the remote host.
- There are instances of information leaks which may let an attacker
learn the database password (under certain circumstances, 2.17.x only)
or obtain the names of otherwise hidden products.
- A user with grant membership rights may escalate his privileges
and add himself to another group.
- There is a cross site scripting issue in the administrative web
- Users passwords may be embedded in URLs (2.17.x only).
- Several information leaks that may allow users to ascertain the
names of other users, and non-users to obtain a list of products,
including those that administrators might want to keep confidential.
See also :
Upgrade to 2.16.6 or 2.20 or later.
Low / CVSS Base Score : 3