bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
Max CVSS
7.5
EPSS Score
1.54%
Published
2002-10-28
Updated
2016-10-18
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-08-12
Updated
2008-09-05
2 vulnerabilities found