CVE-2003-1046 - Multiple vulnerabilities in Bugzilla
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | BUGZILLA_SQL_VULNS.NASL |
description | According to its version number, the remote Bugzilla bug tracker is vulnerable to various flaws that could let a privileged user execute arbitrary SQL commands on this host, which could allow an attacker to obtain information about bugs marked as being confidential. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11917 |
published | 2003-11-05 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11917 |
title | Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID) |