Skip to main content

CVE-2006-0913

Severity Medium
Score 5.5/10

Summary

SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.

  • LOW
  • NETWORK
  • SINGLE
  • PARTIAL
  • NONE
  • PARTIAL

References

Advisory Timeline

  • Published