CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4437

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.105

EPSS Ranking 92.9%

CVSS Severity

CVSS v2 Score 7.1

References

Products affected by CVE-2008-4437

Mozilla » Bugzilla » Version: 2.22.1

cpe:2.3:a:mozilla:bugzilla:2.22.1
Mozilla » Bugzilla » Version: 2.22.2

cpe:2.3:a:mozilla:bugzilla:2.22.2
Mozilla » Bugzilla » Version: 2.22.3

cpe:2.3:a:mozilla:bugzilla:2.22.3
Mozilla » Bugzilla » Version: 2.22.4

cpe:2.3:a:mozilla:bugzilla:2.22.4
Mozilla » Bugzilla » Version: 2.23

cpe:2.3:a:mozilla:bugzilla:2.23
Mozilla » Bugzilla » Version: 2.23.1

cpe:2.3:a:mozilla:bugzilla:2.23.1
Mozilla » Bugzilla » Version: 2.23.2

cpe:2.3:a:mozilla:bugzilla:2.23.2
Mozilla » Bugzilla » Version: 2.23.3

cpe:2.3:a:mozilla:bugzilla:2.23.3
Mozilla » Bugzilla » Version: 2.23.4

cpe:2.3:a:mozilla:bugzilla:2.23.4
Mozilla » Bugzilla » Version: 2.4

cpe:2.3:a:mozilla:bugzilla:2.4
Mozilla » Bugzilla » Version: 2.6

cpe:2.3:a:mozilla:bugzilla:2.6
Mozilla » Bugzilla » Version: 2.8

cpe:2.3:a:mozilla:bugzilla:2.8
Mozilla » Bugzilla » Version: 2.9

cpe:2.3:a:mozilla:bugzilla:2.9
Mozilla » Bugzilla » Version: 3.0.2

cpe:2.3:a:mozilla:bugzilla:3.0.2
Mozilla » Bugzilla » Version: 3.1.1

cpe:2.3:a:mozilla:bugzilla:3.1.1
Mozilla » Bugzilla » Version: 3.1.2

cpe:2.3:a:mozilla:bugzilla:3.1.2
Mozilla » Bugzilla » Version: 3.1.3

cpe:2.3:a:mozilla:bugzilla:3.1.3
Mozilla » Bugzilla » Version: 3.1.4

cpe:2.3:a:mozilla:bugzilla:3.1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4437

Products

Pricing

Contact Us