CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 1CVE-2007-5038
https://notcve.org/view.php?id=CVE-2007-5038
The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation. La función offer_account_by_email en User.pm en el WebService para Bugzilla before 3.0.2, y 3.1.x anterior a 3.1.2, no valida el valor del parámetro createemailregexp, el cual permite a atacantes remotos evitar las restricciones previstas sobre la creación de una cuenta. • http://fedoranews.org/updates/FEDORA-2007-229.shtml http://secunia.com/advisories/26848 http://secunia.com/advisories/26969 http://www.bugzilla.org/security/3.0.1 http://www.securityfocus.com/archive/1/480077/100/0/threaded http://www.securityfocus.com/bid/25725 http://www.securitytracker.com/id?1018719 http://www.vupen.com/english/advisories/2007/3200 https://bugzilla.mozilla.org/show_bug.cgi?id=395632 https://bugzilla.redhat.com/show_bug.cgi?id=299981 https://e • CWE-264: Permissions, Privileges, and Access Controls •