Description
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Frank van Vliet karin · perl · remote · cgi
https://www.exploit-db.com/exploits/19909
Scores
EPSS
0.0623
EPSS Percentile
90.9%
Details
Status
published
Products (4)
mozilla/bugzilla 2.4
mozilla/bugzilla 2.6
mozilla/bugzilla 2.8
mozilla/bugzilla 2.10
Published
Jun 27, 2001
Tracked Since
Feb 18, 2026