CVE Vulnerabilities

CVE-2007-4538

Published: Aug 27, 2007 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 2.4 2.4
Bugzilla Mozilla 2.6 2.6
Bugzilla Mozilla 2.8 2.8
Bugzilla Mozilla 2.9 2.9
Bugzilla Mozilla 2.23.4 2.23.4
Bugzilla Mozilla 3.0.0 3.0.0

References