CVE-2006-0913

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.

Published: Feb 28, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0913
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / bugzilla	2.17.6	2.17.6.x
mozilla / bugzilla	2.19.3	2.19.3.x
mozilla / bugzilla	2.20-rc2	2.20-rc2.x
mozilla / bugzilla	2.20-rc1	2.20-rc1.x
mozilla / bugzilla	2.20	2.20.x
mozilla / bugzilla	2.19	2.19.x
mozilla / bugzilla	2.18-rc1	2.18-rc1.x
mozilla / bugzilla	2.17.4	2.17.4.x
mozilla / bugzilla	2.17.1	2.17.1.x
mozilla / bugzilla	2.18.1	2.18.1.x
mozilla / bugzilla	2.19.1	2.19.1.x
mozilla / bugzilla	2.17.5	2.17.5.x
mozilla / bugzilla	2.17.3	2.17.3.x
mozilla / bugzilla	2.18.4	2.18.4.x
mozilla / bugzilla	2.18.3	2.18.3.x
mozilla / bugzilla	2.17.7	2.17.7.x
mozilla / bugzilla	2.21.1	2.21.1.x
mozilla / bugzilla	2.18-rc3	2.18-rc3.x
mozilla / bugzilla	2.18.2	2.18.2.x
mozilla / bugzilla	2.18-rc2	2.18-rc2.x
mozilla / bugzilla	2.21	2.21.x
mozilla / bugzilla	2.19.2	2.19.2.x

Vulnerability Database

289,784

CVE-2006-0913