PT-2007-6142 · Mozilla · Bugzilla

Published: 2007-09-24 · Updated: 2018-10-15 · CVE-2007-5038

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Bugzilla versions prior to 3.0.2

Bugzilla versions 3.1.x prior to 3.1.2

Description

The issue concerns the offer account by email function in User.pm, which fails to check the value of the createemailregexp parameter. This allows remote attackers to bypass restrictions on account creation.

Recommendations

For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. For versions 3.1.x prior to 3.1.2, update to version 3.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the offer account by email function until a patch is available.

Related identifiers

CVE-2007-5038

Affected products

Bugzilla