CVE-2006-0913

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=312498	Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/16738	Vendor Advisory
http://secunia.com/advisories/18979	Vendor Advisory
http://www.osvdb.org/23378
http://www.vupen.com/english/advisories/2006/0692
https://exchange.xforce.ibmcloud.com/vulnerabilities/24819
http://www.securityfocus.com/archive/1/425584/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:bugzilla:2.17.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.7:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.19:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.19.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.21.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.18:rc2::::::
	cpe:2.3:a:mozilla:bugzilla:2.18:rc3::::::
	cpe:2.3:a:mozilla:bugzilla:2.20:rc2::::::
	cpe:2.3:a:mozilla:bugzilla:2.21:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.19.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.20:rc1::::::
	cpe:2.3:a:mozilla:bugzilla:2.20:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.18:rc1::::::
	cpe:2.3:a:mozilla:bugzilla:2.17.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.18.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.18.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.18.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.18.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.19.2:::::::*

Information

Published : 2006-02-28 03:02

Updated : 2018-10-18 09:29

NVD link : CVE-2006-0913

Mitre link : CVE-2006-0913

JSON object : View

CWE

NVD-CWE-Other

Products Affected

mozilla

bugzilla

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=312498", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=312498", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/16738", "name": "16738", "tags": ["Vendor Advisory"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18979", "name": "18979", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/23378", "name": "23378", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/0692", "name": "ADV-2006-0692", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24819", "name": "bugzilla-editparams-sql-injection(24819)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/425584/100/0/threaded", "name": "20060221 [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0913", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-02-28T11:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.21.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:29Z"}

5.5 /10