Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bugzilla | Mozilla | 2.14 (including) | 2.14 (including) |
Bugzilla | Mozilla | 2.14.1 (including) | 2.14.1 (including) |
Bugzilla | Mozilla | 2.16 (including) | 2.16 (including) |
Bugzilla | Mozilla | 2.16-rc1 (including) | 2.16-rc1 (including) |
Red Hat Powertools 7.0 | RedHat | * | |
Red Hat Powertools 7.1 | RedHat | * |