CVE-2008-4437

2008-10-03T22:22:00
ID CVE-2008-4437
Type cve
Reporter cve@mitre.org
Modified 2017-08-08T01:32:00

Description

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.