Описание
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | not-affected | 3.2.0.0~rc2-1 |
| feisty | ignored | end of life, was needed |
| gutsy | released | 2.22.1-2.2ubuntu1.7.10.1 |
| hardy | released | 2.22.1-2.2ubuntu1.8.04.1 |
| intrepid | released | 3.0.4.1-2ubuntu1.1 |
| upstream | released | 3.0.5 |
Показывать по
Ссылки на источники
EPSS
7.1 High
CVSS2
Связанные уязвимости
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
Directory traversal vulnerability in importxml.pl in Bugzilla before 2 ...
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
EPSS
7.1 High
CVSS2