CVE-2003-1044 - Multiple vulnerabilities in Bugzilla

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, mozilla, nessus

Summary

editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.

Nessus

NASL family: CGI abuses
NASL id: BUGZILLA_SQL_VULNS.NASL
description: According to its version number, the remote Bugzilla bug tracker is vulnerable to various flaws that could let a privileged user execute arbitrary SQL commands on this host, which could allow an attacker to obtain information about bugs marked as being confidential.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11917
published: 2003-11-05
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11917
title: Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID)