Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: infos

Bugzilla Multiple Flaws (2) Vulnerability Scan

Vulnerability Scan Summary
Searches for the existence of bugzilla

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a CGI application that suffers from
multiple flaws.

Description :

The remote Bugzilla bug tracking system, according to its version
number, is vulnerable to various flaws :

- An administrator may be able to execute arbitrary SQL commands on
the remote host.

- There are instances of information leaks which may let a possible hacker
know the database password (under certain circumstances, 2.17.x only)
or obtain the names of otherwise hidden products.

- A user with grant membership rights may escalate his rights
and belong to another group.

- There is a cross site scripting issue in the administrative web

- Users' passwords may be embedded in URLs (2.17.x only).

- Several information leaks may allow users to ascertain the
names of other users and non-users to obtain a list of products,
including those that administrators might want to keep confidential.

See also :

Solution :

Upgrade to 2.16.6 or 2.20 or later.

Threat Level:

Low / CVSS Base Score : 3



P.O. Box 827051

Pembroke Pines, FL 33082-7051
