Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2002-1196

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

  • Published: Oct 28, 2002
  • Updated: Apr 13, 2023
  • CVE: CVE-2002-1196
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
mozilla / bugzilla 2.16 2.16.x
mozilla / bugzilla 2.14.2 2.14.2.x
mozilla / bugzilla 2.14.3 2.14.3.x
mozilla / bugzilla 2.14.1 2.14.1.x
mozilla / bugzilla 2.14 2.14.x