Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BugZilla Process_Bug.CGI Comment Spoofing Vulnerability
Vulnerability Description
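Bugzilla versions before 2.14.1 contain a vulnerability. A remote attacker can (1) spoof a user comment via an HTTP request to process_bug.cgi that uses the "who" parameter instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter in enter_bug.cgi, which is passed to post_bug.cgi.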
CVSS Information
N/A
Vulnerability Type
N/A