CVE-2005-3138
CVE-2005-3138 affects Bugzilla 2.18rc1–2.18.3, 2.19–2.20rc2, and 2.21. An unauthorized remote attacker can retrieve sensitive information (e.g., the list of installed products) through the config.cgi endpoint, which remains accessible even when the requirelogin parameter is set. The underlying is...