Arbitrary Code Execution in Bugzilla 2.14.x and 2.16.x

Arbitrary Code Execution in Bugzilla 2.14.x and 2.16.x

CVE-2002-1197 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.

Learn more about our Web Application Penetration Testing UK.