post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-14T04:00:00

Updated: 2024-08-07T21:51:50.493Z

Reserved: 2005-05-14T00:00:00

Link: CVE-2005-1564

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-05-12T04:00:00.000

Modified: 2024-11-20T23:57:37.317

Link: CVE-2005-1564

cve-icon Redhat

No data.