CVE-2002-0806

high

Description

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

References

http://www.securityfocus.com/bid/4964

http://www.redhat.com/support/errata/RHSA-2002-109.html

http://www.osvdb.org/5080

http://www.iss.net/security_center/static/9303.php

http://bugzilla.mozilla.org/show_bug.cgi?id=141557

http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html

Details

Source: Mitre, NVD

Published: 2002-08-12

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00131

Detections

Analytics