source: https://www.securityfocus.com/bid/30661/info
Bugzilla is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary local files within the context of the server. Information harvested may aid in launching further attacks.
The following versions are affected:
Bugzilla 2.22.1 through 2.22.4
Bugzilla 2.23.3 and later
<data encoding="filename">../relative_path/to/local_file</data>