CVE-2008-6098 Information

Description

Bugzilla 3.2 before 3.2 RC2 3.0 before 3.0.6 2.22 before 2.22.6 2.20 before 2.20.7 and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to \approve.\

Reference

http://secunia.com/advisories/32501 http://secunia.com/advisories/34361 http://www.bugzilla.org/security/2.20.6/ http://www.securityfocus.com/bid/32178 https://bugzilla.mozilla.org/show_bug.cgi?id=449931 https://exchange.xforce.ibmcloud.com/vulnerabilities/46424 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html