First published: Tue Feb 28 2006(Updated: )
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Bugzilla | =2.17.6 | |
Mozilla Bugzilla | =2.19.3 | |
Mozilla Bugzilla | =2.20-rc2 | |
Mozilla Bugzilla | =2.20-rc1 | |
Mozilla Bugzilla | =2.20 | |
Mozilla Bugzilla | =2.19 | |
Mozilla Bugzilla | =2.18-rc1 | |
Mozilla Bugzilla | =2.17.4 | |
Mozilla Bugzilla | =2.17.1 | |
Mozilla Bugzilla | =2.18.1 | |
Mozilla Bugzilla | =2.19.1 | |
Mozilla Bugzilla | =2.17.5 | |
Mozilla Bugzilla | =2.17.3 | |
Mozilla Bugzilla | =2.18.4 | |
Mozilla Bugzilla | =2.18.3 | |
Mozilla Bugzilla | =2.17.7 | |
Mozilla Bugzilla | =2.21.1 | |
Mozilla Bugzilla | =2.18-rc3 | |
Mozilla Bugzilla | =2.18.2 | |
Mozilla Bugzilla | =2.18-rc2 | |
Mozilla Bugzilla | =2.21 | |
Mozilla Bugzilla | =2.19.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.