Vendor: Bugzilla
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 22 (Directory Traversal)
Product Name: Bugzilla
Affected Version From: Bugzilla 2.22.1
Affected Version To: Bugzilla 2.22.4, Bugzilla 2.23.3 and later
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Bugzilla Directory Traversal Vulnerability

Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files within the context of the server. Information harvested may aid in launching further attacks.

Mitigation:

Unknown

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30661/info

The following versions are affected:

Bugzilla 2.22.1 through 2.22.4
Bugzilla 2.23.3 and later

<data encoding="filename">../relative_path/to/local_file</data>
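
A defensive check for the pattern shown above, as an added example that is not part of the original advisory or Bugzilla's own code: it scans an XML document for `<data encoding="filename">` values and rejects any that resolve outside an allowed attachment directory. The wrapper elements in the sample, the function names and the base directory are assumptions.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample input. Only the <data encoding="filename"> element comes
# from the advisory; the wrapper element names are assumptions.
SAMPLE_XML = """<bugzilla>
  <bug>
    <attachment><data encoding="filename">report.txt</data></attachment>
    <attachment><data encoding="filename">../relative_path/to/local_file</data></attachment>
    <attachment><data encoding="base64">aGVsbG8=</data></attachment>
  </bug>
</bugzilla>"""


def resolve_inside(base_dir, name):
    """Return the canonical path for name if it stays under base_dir, else None."""
    base = os.path.realpath(base_dir)
    # Reject empty names, embedded NULs and absolute paths outright.
    if not name or "\x00" in name or os.path.isabs(name):
        return None
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def audit_filename_data(xml_text, base_dir):
    """Split <data encoding="filename"> values into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for elem in ET.fromstring(xml_text).iter("data"):
        if elem.get("encoding") != "filename":
            continue  # inline encodings such as base64 carry no path
        name = (elem.text or "").strip()
        if resolve_inside(base_dir, name) is not None:
            accepted.append(name)
        else:
            rejected.append(name)
    return accepted, rejected


if __name__ == "__main__":
    import tempfile
    print(audit_filename_data(SAMPLE_XML, tempfile.mkdtemp()))
```

The comparison is made on canonical paths rather than by searching the string for `../`, so symlinks and redundant separators are resolved before the containment test.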