CVE-2002-0806 Information

Description

Bugzilla 2.14 before 2.14.2 and 2.16 before 2.16rc2 allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the \del\ option.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=141557 http://www.iss.net/security_center/static/9303.php http://www.osvdb.org/5080 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964