CVE-2002-1198 — SQL Injection in Mozilla Bugzilla

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedOct 28

Latest updateApr 30

Description

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla6 versions+5

🔴Vulnerability Details

GHSA

GHSA-mg8w-w329-hc59: Bugzilla 2↗2022-04-30

▶

CVEList

CVE-2002-1198: Bugzilla 2↗2004-09-01

▶