Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1043

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-1043
Last Modified 05 Sep 2008 04:35:53
Published 18 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1043

Summary

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.

Vulnerable Systems

Application

  • Mozilla Bugzilla 2.10

  • Mozilla Bugzilla 2.12

  • Mozilla Bugzilla 2.14

  • Mozilla Bugzilla 2.14.1

  • Mozilla Bugzilla 2.14.2

  • Mozilla Bugzilla 2.14.3

  • Mozilla Bugzilla 2.14.4

  • Mozilla Bugzilla 2.14.5

  • Mozilla Bugzilla 2.16

  • Mozilla Bugzilla 2.16.1

  • Mozilla Bugzilla 2.16.2

  • Mozilla Bugzilla 2.16.3

  • Mozilla Bugzilla 2.17.1

  • Mozilla Bugzilla 2.17.3

  • Mozilla Bugzilla 2.17.4

  • Mozilla Bugzilla 2.4

  • Mozilla Bugzilla 2.6

  • Mozilla Bugzilla 2.8


References

BID - 8953

XF - bugzilla-url-sql-injection(13596)

BUGTRAQ - 20031103 [BUGZILLA] Security Advisory - SQL injection, information leak

CONECTIVA - CLA-2003:774

CONFIRM - http://bugzilla.mozilla.org/show_bug.cgi?id=219044


Last Updated: 27 May 2016 10:38:09