nessus Tenable 4219.PRM
History Sep 20, 2007 - 12:00 a.m.

Bugzilla < 3.0.2 / 3.1.2 WebService/User.pm Authentication Bypass

2007-09-20 00:00:00
Tenable
www.tenable.com

The remote host is running Bugzilla, a bug-tracking application with a web interface. The version of Bugzilla on the remote host has a flaw in how it parses input to the ‘createemailregexp’ parameter of the ‘offer_account_by_email()’ function in the ‘WebService/User.pm’ file. An attacker exploiting this flaw would need to know that the SOAP::Lite Perl module was installed. Successful exploitation would allow the attacker to create arbitrary Bugzilla user accounts.

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| mozilla | bugzilla | | cpe:/a:mozilla:bugzilla |