CVE-2003-1043 - Multiple vulnerabilities in Bugzilla

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.

Nessus

NASL family: CGI abuses
NASL id: BUGZILLA_SQL_VULNS.NASL
description: According to its version number, the remote Bugzilla bug tracker is vulnerable to various flaws that could let a privileged user execute arbitrary SQL commands on this host, which could allow an attacker to obtain information about bugs marked as being confidential.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11917
published: 2003-11-05
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11917
title: Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID)