12 lines
No EOL
527 B
XML
Executable file
12 lines
No EOL
527 B
XML
Executable file
source: http://www.securityfocus.com/bid/30661/info
|
|
|
|
Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
|
|
|
|
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the server. Information harvested may aid in launching further attacks.
|
|
|
|
The following versions are affected:
|
|
|
|
Bugzilla 2.22.1 through 2.22.4
|
|
Bugzilla 2.23.3 and later
|
|
|
|
<data encoding="filename">../relative_path/to/local_file</data> |