Lool

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.23.4 through 3.0.0 **Description** The issue allows remote attackers to execute arbitrary commands, likely involving shell metacharacters, via the -f option to the `Email::Send::Sendmail` function in the email in.pl script. **Recommendations** For Bugzilla versions 2.23.4 through 3.0.0, consider disabling the `Email::Send::Sendmail` function or restricting its use to prevent arbitrary command execution until a fix is available.