CVE Database · CVE-2009-3125
CVSS v3.1
N/A
EPSS
1.39%
Published
Sep 15, 2009
Modified
Apr 22, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
Weaknesses (CWE)
Affected Products (6)
References (8)
