ID CVE-2007-4538
Summary email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:2.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:3.0.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 25425
bugtraq 20070823 Security Advisory for Bugzilla 3.0, 2.22.1, and 2.20.4
confirm http://www.bugzilla.org/security/2.20.4/
gentoo GLSA-200709-18
misc https://bugzilla.mozilla.org/show_bug.cgi?id=386860
osvdb 37203
sectrack 1018604
secunia
  • 26584
  • 26971
vupen ADV-2007-2977
xf bugzilla-sendmail-command-execution(36243)
Last major update 15-10-2018 - 21:35
Published 27-08-2007 - 21:17
Last modified 15-10-2018 - 21:35