CVE-2005-1564

medium

Description

post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/42797

http://www.osvdb.org/16426

http://secunia.com/advisories/15338

http://marc.info/?l=bugtraq&m=111592031902962&w=2

Details

Source: Mitre, NVD

Published: 2005-05-12

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium