CVE-2009-3165SQL Injection in Mozilla Bugzilla

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 44.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedSep 15
Latest updateMay 2

Description

SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmozilla/bugzilla25 versions+24

Patches

Patch: www.bugzilla.orgPatch: www.securityfocus.comPatch: www.bugzilla.org

🔴Vulnerability Details

2
GHSA
GHSA-p375-prpx-3ph3: SQL injection vulnerability in the Bug2022-05-02
CVEList
CVE-2009-3165: SQL injection vulnerability in the Bug2009-09-15
CVE-2009-3165 — SQL Injection in Mozilla Bugzilla | cvebase