CVE-2006-0913: SQL Injection
First published: Tue Feb 28 2006(Updated: )
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Bugzilla | =2.17.6 | |
| Mozilla Bugzilla | =2.19.3 | |
| Mozilla Bugzilla | =2.20-rc2 | |
| Mozilla Bugzilla | =2.20-rc1 | |
| Mozilla Bugzilla | =2.20 | |
| Mozilla Bugzilla | =2.19 | |
| Mozilla Bugzilla | =2.18-rc1 | |
| Mozilla Bugzilla | =2.17.4 | |
| Mozilla Bugzilla | =2.17.1 | |
| Mozilla Bugzilla | =2.18.1 | |
| Mozilla Bugzilla | =2.19.1 | |
| Mozilla Bugzilla | =2.17.5 | |
| Mozilla Bugzilla | =2.17.3 | |
| Mozilla Bugzilla | =2.18.4 | |
| Mozilla Bugzilla | =2.18.3 | |
| Mozilla Bugzilla | =2.17.7 | |
| Mozilla Bugzilla | =2.21.1 | |
| Mozilla Bugzilla | =2.18-rc3 | |
| Mozilla Bugzilla | =2.18.2 | |
| Mozilla Bugzilla | =2.18-rc2 | |
| Mozilla Bugzilla | =2.21 | |
| Mozilla Bugzilla | =2.19.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=312498
- http://www.securityfocus.com/bid/16738
- http://secunia.com/advisories/18979
- http://www.osvdb.org/23378
- http://www.vupen.com/english/advisories/2006/0692
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24819
- http://www.securityfocus.com/archive/1/425584/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-0913?
CVE-2006-0913 is considered a medium severity vulnerability due to its ability to allow unauthorized SQL commands execution.
How do I fix CVE-2006-0913?
To fix CVE-2006-0913, upgrade Bugzilla to version 2.18.5 or later.
Which versions of Bugzilla are affected by CVE-2006-0913?
CVE-2006-0913 affects Bugzilla versions 2.17 to 2.20-rc2.
What type of vulnerability is CVE-2006-0913?
CVE-2006-0913 is an SQL injection vulnerability.
Who can exploit CVE-2006-0913?
CVE-2006-0913 can be exploited by authenticated users with administrative privileges.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/mozilla
- canonical/mozilla bugzilla
- version/mozilla bugzilla/2.17.6
- version/mozilla bugzilla/2.19.3
- version/mozilla bugzilla/2.20-rc2
- version/mozilla bugzilla/2.20-rc1
- version/mozilla bugzilla/2.20
- version/mozilla bugzilla/2.19
- version/mozilla bugzilla/2.18-rc1
- version/mozilla bugzilla/2.17.4
- version/mozilla bugzilla/2.17.1
- version/mozilla bugzilla/2.18.1
- version/mozilla bugzilla/2.19.1
- version/mozilla bugzilla/2.17.5
- version/mozilla bugzilla/2.17.3
- version/mozilla bugzilla/2.18.4
- version/mozilla bugzilla/2.18.3
- version/mozilla bugzilla/2.17.7
- version/mozilla bugzilla/2.21.1
- version/mozilla bugzilla/2.18-rc3
- version/mozilla bugzilla/2.18.2
- version/mozilla bugzilla/2.18-rc2
- version/mozilla bugzilla/2.21
- version/mozilla bugzilla/2.19.2