Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4437: Path Traversal in Mozilla Bugzilla

CWE-22 Path Traversal | 12 documents | 6 sources
Severity: 7.1 HIGH (NVD)
EPSS: 10.5% (top 6.72%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Oct 3
Latest update: May 2

Description

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.

CVSS vector

AV:N/AC:M/C:C/I:N/A:N
Exploitability: 8.6 | Impact: 6.9

Affected Packages (1 package)

NVD: mozilla/bugzilla, 18 versions

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-ph4j-q265-3h3m: Directory traversal vulnerability in importxml (2022-05-02)
CVEList: CVE-2008-4437: Directory traversal vulnerability in importxml (2008-10-03)

💥 Exploits & PoCs (1)

Exploit-DB: Bugzilla 3.1.4 - '--attach_path' Directory Traversal (2008-08-12)

📋 Vendor Advisories (1)

Red Hat: bugzilla directory traversal flaw (2008-10-06)

💬 Community (7)

Bugzilla: CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9] (2009-02-09)
Bugzilla: CVE-2008-4437 CVE-2008-6098 CVE-2008-048[13456] bugzilla: multiple issues [Fdevel] (2009-02-09)
Bugzilla: CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10] (2009-02-09)
Bugzilla: CVE-2008-4437 bugzilla directory traversal flaw [F9] (2008-10-07)
Bugzilla: CVE-2008-4437 bugzilla directory traversal flaw (2008-10-07)