CVE-2006-0913 — SQL Injection in Mozilla Bugzilla
3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.8%
top 25.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 28
Latest updateMay 1
Description
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
CVSS vector
AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9