CyberSec.Space Logo
Back to CVE Browser

CVE-2003-1042

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1610%
EPSS Percentile4.50th
PublishedAug 18, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Bugzilla

= 2.4
πŸ“¦
Mozilla

Bugzilla

= 2.6
πŸ“¦
Mozilla

Bugzilla

= 2.8
πŸ“¦
Mozilla

Bugzilla

= 2.10
πŸ“¦
Mozilla

Bugzilla

= 2.12
πŸ“¦
Mozilla

Bugzilla

= 2.14
πŸ“¦
Mozilla

Bugzilla

= 2.14.1
πŸ“¦
Mozilla

Bugzilla

= 2.14.2
πŸ“¦
Mozilla

Bugzilla

= 2.14.3
πŸ“¦
Mozilla

Bugzilla

= 2.14.4
πŸ“¦
Mozilla

Bugzilla

= 2.14.5
πŸ“¦
Mozilla

Bugzilla

= 2.16
πŸ“¦
Mozilla

Bugzilla

= 2.16.1
πŸ“¦
Mozilla

Bugzilla

= 2.16.2
πŸ“¦
Mozilla

Bugzilla

= 2.16.3
πŸ“¦
Mozilla

Bugzilla

= 2.17.1
πŸ“¦
Mozilla

Bugzilla

= 2.17.3
πŸ“¦
Mozilla

Bugzilla

= 2.17.4

References & Advisories

πŸ”— http://bugzilla.mozilla.org/show_bug.cgi?id=214290
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
πŸ”— http://www.securityfocus.com/archive/1/343185
πŸ”— http://www.securityfocus.com/bid/8953
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/13594
πŸ”— http://bugzilla.mozilla.org/show_bug.cgi?id=214290
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
πŸ”— http://www.securityfocus.com/archive/1/343185

Related Vulnerabilities

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2019-10030668.8

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi...

CVE-2018-51238.8

A third party website can access information available to a user with access to a restricted bug entry using the image generation ...