CVE-2006-0914

Bugzilla 2.16.10, 2.17-2.18.4, 2.20 - SQL Injection via duplicates.cgi mostfreqthreshold Parameter

Title source: llm
STIX 2.1

Description

Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.

References (4)

Core 4
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0692
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42802
Exploit, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=312498
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425584/100/0/threaded

Scores

EPSS 0.0113
EPSS Percentile 62.7%

Details

CWE
CWE-20
Status published
Products (12)
mozilla/bugzilla 2.16.10
mozilla/bugzilla 2.17
mozilla/bugzilla 2.17.4
mozilla/bugzilla 2.17.5
mozilla/bugzilla 2.17.6
mozilla/bugzilla 2.17.7
mozilla/bugzilla 2.18 (3 CPE variants)
mozilla/bugzilla 2.18.1
mozilla/bugzilla 2.18.2
mozilla/bugzilla 2.18.3
... and 2 more
Published Feb 28, 2006
Tracked Since Feb 18, 2026