CVE-2006-0914
Bugzilla 2.16.10, 2.17-2.18.4, 2.20 - SQL Injection via duplicates.cgi mostfreqthreshold Parameter
Title source: llmDescription
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0692
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42802
Exploit, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=312498
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425584/100/0/threaded
Scores
EPSS
0.0113
EPSS Percentile
62.7%
Details
CWE
CWE-20
Status
published
Products (12)
mozilla/bugzilla
2.16.10
mozilla/bugzilla
2.17
mozilla/bugzilla
2.17.4
mozilla/bugzilla
2.17.5
mozilla/bugzilla
2.17.6
mozilla/bugzilla
2.17.7
mozilla/bugzilla
2.18 (3 CPE variants)
mozilla/bugzilla
2.18.1
mozilla/bugzilla
2.18.2
mozilla/bugzilla
2.18.3
... and 2 more
Published
Feb 28, 2006
Tracked Since
Feb 18, 2026