CVE-2003-1043 - Multiple vulnerabilities in Bugzilla
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | BUGZILLA_SQL_VULNS.NASL |
description | According to its version number, the remote Bugzilla bug tracker is vulnerable to various flaws that could let a privileged user execute arbitrary SQL commands on this host, which could allow an attacker to obtain information about bugs marked as being confidential. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11917 |
published | 2003-11-05 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11917 |
title | Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID) |