CyberSec.Space Logo
Back to CVE Browser

CVE-2003-1043

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile30.05th
PublishedAug 18, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Bugzilla

= 2.4
πŸ“¦
Mozilla

Bugzilla

= 2.6
πŸ“¦
Mozilla

Bugzilla

= 2.8
πŸ“¦
Mozilla

Bugzilla

= 2.10
πŸ“¦
Mozilla

Bugzilla

= 2.12
πŸ“¦
Mozilla

Bugzilla

= 2.14
πŸ“¦
Mozilla

Bugzilla

= 2.14.1
πŸ“¦
Mozilla

Bugzilla

= 2.14.2
πŸ“¦
Mozilla

Bugzilla

= 2.14.3
πŸ“¦
Mozilla

Bugzilla

= 2.14.4
πŸ“¦
Mozilla

Bugzilla

= 2.14.5
πŸ“¦
Mozilla

Bugzilla

= 2.16
πŸ“¦
Mozilla

Bugzilla

= 2.16.1
πŸ“¦
Mozilla

Bugzilla

= 2.16.2
πŸ“¦
Mozilla

Bugzilla

= 2.16.3
πŸ“¦
Mozilla

Bugzilla

= 2.17.1
πŸ“¦
Mozilla

Bugzilla

= 2.17.3
πŸ“¦
Mozilla

Bugzilla

= 2.17.4

References & Advisories

πŸ”— http://bugzilla.mozilla.org/show_bug.cgi?id=219044
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
πŸ”— http://www.securityfocus.com/archive/1/343185
πŸ”— http://www.securityfocus.com/bid/8953
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/13596
πŸ”— http://bugzilla.mozilla.org/show_bug.cgi?id=219044
πŸ”— http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
πŸ”— http://www.securityfocus.com/archive/1/343185

Related Vulnerabilities

CVE-2003-104210.0

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2019-10030668.8

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi...

CVE-2018-51238.8

A third party website can access information available to a user with access to a restricted bug entry using the image generation ...