Remote authenticated users can bypass bug entry restrictions in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 via post_bug.cgi.

Remote authenticated users can bypass bug entry restrictions in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 via post_bug.cgi.

CVE-2005-1564 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.

Learn more about our User Device Pen Test.