FreeBSD : bugzilla -- two SQL injections, sensitive data exposure (b9ec7fe3-a38a-11de-9c6b-003048818f40)
High Nessus Plugin ID 41007
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
A Bugzilla Security Advisory reports:
- It is possible to inject raw SQL into the Bugzilla database via the 'Bug.create' and 'Bug.search' WebService functions.
- When a user would change his password, his new password would be exposed in the URL field of the browser if he logged in right after changing his password.
Solution
Update the affected package.