Vulnerabilities > CVE-2003-1043 - Unspecified vulnerability in Mozilla Bugzilla

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mozilla

nessus

NVD

Published: 2004-08-18

Updated: 2017-07-11

Summary

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Bugzilla 2.16.1 Mozilla Bugzilla 2.16.2 Mozilla Bugzilla 2.17.4 Mozilla Bugzilla 2.10 Mozilla Bugzilla 2.17.1 Mozilla Bugzilla 2.16 Mozilla Bugzilla 2.14.2 Mozilla Bugzilla 2.14.3 Mozilla Bugzilla 2.14.4 Mozilla Bugzilla 2.6 Mozilla Bugzilla 2.17.3 Mozilla Bugzilla 2.4 Mozilla Bugzilla 2.12 Mozilla Bugzilla 2.8 Mozilla Bugzilla 2.16.3 Mozilla Bugzilla 2.14.5 Mozilla Bugzilla 2.14.1 Mozilla Bugzilla 2.14	18

Nessus

NASL family	CGI abuses
NASL id	BUGZILLA_SQL_VULNS.NASL
description	According to its version number, the remote Bugzilla bug tracker is vulnerable to various flaws that could let a privileged user execute arbitrary SQL commands on this host, which could allow an attacker to obtain information about bugs marked as being confidential.
last seen	2020-06-01
modified	2020-06-02
plugin id	11917
published	2003-11-05
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11917
title	Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID)

Summary

Vulnerable Configurations

Nessus

References