CVE-2002-0010 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2002-0010?

CVE-2002-0010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2002-0010?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.

Vulnerability Description

Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Bugzilla	<= 2.14.1

References

FAQ

What is CVE-2002-0010?

CVE-2002-0010 is a vulnerability with a CVSS score of 7.5 (HIGH). Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean char...

How severe is CVE-2002-0010?

CVE-2002-0010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-0010?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.