Pentest-Tools.com

Bugzilla LDAP Code Injection And Security Bypass Vulnerabilities (CVE-2012-4747, CVE-2012-3981)

CVSSv3 Score: Not available
Vulnerability description

Bugzilla is prone to code injection and security bypass vulnerabilities.

Risk description

The flaws are due to:
- When the user logs in using LDAP, the username is not escaped when building the uid=$username filter that is used to query the LDAP directory. This could potentially lead to LDAP injection.
- Extensions are not protected against directory browsing, and users can access the source code of the templates, which may contain sensitive data.
Successful exploitation will allow remote attackers to gain sensitive information and bypass security restrictions on the affected site.
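The first flaw is the classic unescaped-value-in-filter pattern. The following is an added example, written in Python rather than Bugzilla's own Perl and not taken from the Bugzilla code base, that contrasts the flawed way of building the uid=$username filter with a version that escapes filter metacharacters as RFC 4515 requires. The function names and the sample username are constructed for this illustration.

```python
# Added example (not Bugzilla's code): safe construction of an LDAP search
# filter of the form (uid=<username>), as described in the advisory above.
# RFC 4515 section 3 requires these characters to be escaped inside a filter
# value, as a backslash followed by two hex digits.
LDAP_FILTER_ESCAPES = {
    "\\": "\\5c",    # backslash must be escaped first / only once
    "*": "\\2a",     # wildcard
    "(": "\\28",     # filter grouping
    ")": "\\29",
    "\x00": "\\00",  # NUL
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value so it can only ever be read as a literal inside a filter."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_uid_filter_unsafe(username: str) -> str:
    """The flawed pattern: the username is interpolated verbatim into the filter."""
    return f"(uid={username})"


def build_uid_filter(username: str) -> str:
    """Hardened pattern: every metacharacter in the username is escaped."""
    return f"(uid={escape_ldap_filter_value(username)})"


def is_single_equality_filter(filter_str: str) -> bool:
    """Sanity check usable in a test suite or a pre-query assertion:
    a (uid=...) filter built from one literal must contain exactly one
    opening and one closing parenthesis, the ones we added ourselves."""
    return filter_str.count("(") == 1 and filter_str.count(")") == 1


if __name__ == "__main__":
    # Constructed username containing filter metacharacters.
    username = "(jdoe)*"
    unsafe = build_uid_filter_unsafe(username)
    safe = build_uid_filter(username)
    print("unsafe:", unsafe, "| single assertion:", is_single_equality_filter(unsafe))
    print("safe:  ", safe, "| single assertion:", is_single_equality_filter(safe))
```

With the metacharacter-laden username, the unsafe builder yields a string whose parentheses and wildcard the directory server will interpret as filter syntax, while the escaped builder yields a filter that matches only an entry whose uid is literally that string. Escaping the backslash first matters: doing it after the other substitutions would double-escape the backslashes those substitutions introduced.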


Upgrade to Bugzilla version 4.0.8, 4.2.3, 4.3.3 or higher.

Detectable with: Network Scanner
Scan engine: Exploitable with Sniper
CVE Published: Sep 4, 2012
Detection added at: Not available
Software Type: Not available