Lucene search
HistoryAug 18, 2004 - 4:00 a.m.
CVE-2003-1042
bugzilla
sql injection
cve-2003-1042
security vulnerability
nvd
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.8%
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
Affected configurations
Node
mozillabugzillaMatch2.4
ORmozillabugzillaMatch2.6
ORmozillabugzillaMatch2.8
ORmozillabugzillaMatch2.10
ORmozillabugzillaMatch2.12
ORmozillabugzillaMatch2.14
ORmozillabugzillaMatch2.14.1
ORmozillabugzillaMatch2.14.2
ORmozillabugzillaMatch2.14.3
ORmozillabugzillaMatch2.14.4
ORmozillabugzillaMatch2.14.5
ORmozillabugzillaMatch2.16
ORmozillabugzillaMatch2.16.1
ORmozillabugzillaMatch2.16.2
ORmozillabugzillaMatch2.16.3
ORmozillabugzillaMatch2.17.1
ORmozillabugzillaMatch2.17.3
ORmozillabugzillaMatch2.17.4
Related
cvelist
cvelist
CVE-2003-1042
2004-06-03 04:00:00
nvd
nvd
CVE-2003-1042
2004-08-18 04:00:00
nessus
nessus
Bugzilla < 2.16.4 / 2.17.5 Multiple Vulnerabilities (SQLi, ID)
2003-11-05 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.8%
Related for CVE-2003-1042