CVE-2014-8630

CVE Database · CVE-2014-8630

CVE-2014-8630

· N/AModified

CVSS v3.1

N/A

EPSS

2.04%

Published

Feb 1, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

Weaknesses (CWE)

CWE-77

Affected Products (41)

mozilla · bugzillavulnerable

References (14)

http://advisories.mageia.org/MGASA-2015-0048.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149921.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149925.html

Third Party Advisory

http://www.bugzilla.org/security/4.0.15/

Issue TrackingPatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2015:030

https://bugzilla.mozilla.org/show_bug.cgi?id=1079065

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201607-11

KEV Catalog EPSS Scores Vendors All CVEs