CVE Database · CVE-2011-3669
CVSS v3.1
N/A
EPSS
0.95%
Published
Jan 2, 2012
Modified
Apr 28, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.
Weaknesses (CWE)
Affected Products (161)
References (6)
...and 111 more
