CVE-2004-0707 — SQL Injection in Mozilla Bugzilla

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedJul 27

Latest updateApr 29

Description

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmozilla/bugzilla24 versions+23

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wq8h-94wp-w9mg: SQL injection vulnerability in editusers↗2022-04-29

▶

CVEList

CVE-2004-0707: SQL injection vulnerability in editusers↗2004-07-21

▶