CVE-2007-5038

CVE Database · CVE-2007-5038

CVE-2007-5038

· N/AModified

CVSS v3.1

N/A

EPSS

1.96%

Published

Sep 23, 2007

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.

Weaknesses (CWE)

CWE-264

Affected Products (4)

mozilla · bugzillavulnerable

References (20)

http://fedoranews.org/updates/FEDORA-2007-229.shtml

http://secunia.com/advisories/26848

PatchVendor Advisory

http://secunia.com/advisories/26969

http://www.bugzilla.org/security/3.0.1/

Patch

http://www.securityfocus.com/archive/1/480077/100/0/threaded