CVE-2007-0792

CVE Database · CVE-2007-0792

CVE-2007-0792

· N/AModified

CVSS v3.1

N/A

EPSS

1.32%

Published

Feb 6, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

Affected Products (1)

mozilla · bugzillavulnerable

References (16)

http://osvdb.org/35862

http://securityreason.com/securityalert/2222

http://securitytracker.com/id?1017585

http://www.bugzilla.org/security/2.20.3/

Vendor Advisory

http://www.securityfocus.com/archive/1/459025/100/0/threaded

http://www.securityfocus.com/bid/22380

http://www.vupen.com/english/advisories/2007/0477

https://exchange.xforce.ibmcloud.com/vulnerabilities/32252

http://osvdb.org/35862

http://securityreason.com/securityalert/2222

http://securitytracker.com/id?1017585

http://www.bugzilla.org/security/2.20.3/

KEV Catalog EPSS Scores Vendors All CVEs