Unrated severityNVD Advisory· Published Oct 3, 2008· Updated Apr 23, 2026
CVE-2008-4437
CVE-2008-4437
Description
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
Affected products
18cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.22.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.22.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.22.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.23.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:bugzilla:3.1.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.securityfocus.com/bid/30661nvdExploitPatch
- bugzilla.mozilla.org/show_bug.cginvdExploit
- secunia.com/advisories/31444nvdVendor Advisory
- secunia.com/advisories/34361nvd
- www.bugzilla.org/security/2.22.4/nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2008/2344nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/44407nvd
- www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.htmlnvd
News mentions
0No linked articles in our index yet.