Vulnerabilities > CVE-2002-1198 - SQL Injection vulnerability in Bugzilla Account Creation

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mozilla

nessus

NVD

Published: 2002-10-28

Updated: 2016-10-18

Summary

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Bugzilla 2.14 Mozilla Bugzilla 2.14.1 Mozilla Bugzilla 2.14.2 Mozilla Bugzilla 2.14.3 Mozilla Bugzilla 2.14.4 Mozilla Bugzilla 2.16	6

Nessus

NASL family	CGI abuses
NASL id	BUGZILLA_VULNS.NASL
description	According to its version number, the remote Bugzilla bug tracking system is vulnerable to various flaws, including SQL injection, cross-site scripting, and arbitrary command execution.
last seen	2020-06-01
modified	2020-06-02
plugin id	11463
published	2003-03-24
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11463
title	Bugzilla < 2.14.2 / 2.16rc2 / 2.17 Multiple Vulnerabilities (SQLi, XSS, ID, Cmd Exe)

Summary

Vulnerable Configurations

Nessus

References