CyberSec.Space Logo
CVEブラウザに戻る

CVE-2003-1042

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1610%
EPSS Percentile4.50th
Published2004年8月18日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

Affected Platforms (CPE)

📦
Mozilla

Bugzilla

= 2.4
📦
Mozilla

Bugzilla

= 2.6
📦
Mozilla

Bugzilla

= 2.8
📦
Mozilla

Bugzilla

= 2.10
📦
Mozilla

Bugzilla

= 2.12
📦
Mozilla

Bugzilla

= 2.14
📦
Mozilla

Bugzilla

= 2.14.1
📦
Mozilla

Bugzilla

= 2.14.2
📦
Mozilla

Bugzilla

= 2.14.3
📦
Mozilla

Bugzilla

= 2.14.4
📦
Mozilla

Bugzilla

= 2.14.5
📦
Mozilla

Bugzilla

= 2.16
📦
Mozilla

Bugzilla

= 2.16.1
📦
Mozilla

Bugzilla

= 2.16.2
📦
Mozilla

Bugzilla

= 2.16.3
📦
Mozilla

Bugzilla

= 2.17.1
📦
Mozilla

Bugzilla

= 2.17.3
📦
Mozilla

Bugzilla

= 2.17.4

References & Advisories

🔗 http://bugzilla.mozilla.org/show_bug.cgi?id=214290
🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
🔗 http://www.securityfocus.com/archive/1/343185
🔗 http://www.securityfocus.com/bid/8953
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/13594
🔗 http://bugzilla.mozilla.org/show_bug.cgi?id=214290
🔗 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774
🔗 http://www.securityfocus.com/archive/1/343185

関連する脆弱性情報

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2019-10030668.8

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi...

CVE-2018-51238.8

A third party website can access information available to a user with access to a restricted bug entry using the image generation ...