CVE-2003-1044 - Multiple vulnerabilities in Bugzilla
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | BUGZILLA_SQL_VULNS.NASL |
description | According to its version number, the remote Bugzilla bug tracker is vulnerable to various flaws that could let a privileged user execute arbitrary SQL commands on this host, which could allow an attacker to obtain information about bugs marked as being confidential. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11917 |
published | 2003-11-05 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11917 |
title | Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID) |