CVE Database · CVE-2011-3668
CVSS v3.1: N/A
EPSS: 0.95%
Published: Jan 2, 2012
Modified: Apr 28, 2026
Public PoC / Exploit (1)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports.
Weaknesses (CWE)
Affected Products (161)
References (6)