CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
77.4%
Bugzilla 2.16.10 does not properly handle certain characters in the (1)
maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which
allows remote attackers to trigger a SQL error.