Article Source Debian Security Advisories
October 16, 2009, 5:00 pm
October 16, 2009, 5:00 pm
Max Kanat-Alexander, Bradley Baetz, and F. Buclin discovered an SQL injection vulnerability in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands…