Vulnerabilities > CVE-2002-1197 - Unspecified vulnerability in Mozilla Bugzilla
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Nessus
NASL family | CGI abuses |
NASL id | BUGZILLA_VULNS.NASL |
description | According to its version number, the remote Bugzilla bug tracking system is vulnerable to various flaws, including SQL injection, cross-site scripting, and arbitrary command execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11463 |
published | 2003-03-24 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11463 |
title | Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe) |