CVE-2003-1043 — SQL Injection in Mozilla Bugzilla

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

0.9%

top 24.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedAug 18

Latest updateApr 29

Description

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDmozilla/bugzilla18 versions+17

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-qhrf-p8cc-9cxx: SQL injection vulnerability in Bugzilla 2↗2022-04-29

▶

CVEList

CVE-2003-1043: SQL injection vulnerability in Bugzilla 2↗2004-06-03

▶

💥Exploits & PoCs

Exploit-DB

BS.Player 2.56 - '.m3u' / '.pls' File Processing Multiple Remote Denial of Service Vulnerabilities↗2010-09-26

▶