Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0329 — Mozilla Bugzilla vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

6.2%

top 9.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Bugzilla

Timeline

PublishedJun 27

Latest updateApr 30

Description

Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla4 versions+3

Patches

Patch: www.atstake.com ↗Patch: www.atstake.com ↗

🔴Vulnerability Details

GHSA

GHSA-xh8x-v85v-9297: Bugzilla 2↗2022-04-30

▶

CVEList

CVE-2001-0329: Bugzilla 2↗2001-05-24

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Bugzilla 2.4/2.6/2.8/2.10 - Arbitrary Command Execution↗2000-05-11

▶