CVE-2003-1042 — SQL Injection in Mozilla Bugzilla

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

0.6%

top 31.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedAug 18

Latest updateApr 29

Description

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/bugzilla18 versions+17

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-phj7-qm5x-fx2h: SQL injection vulnerability in collectstats↗2022-04-29

▶

CVEList

CVE-2003-1042: SQL injection vulnerability in collectstats↗2004-06-03

▶