CVE-2008-4437

CVE-2008-4437 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:N/A:N

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.

Learn more about our Web Application Penetration Testing UK.