Bugzilla editusers.cgi query Parameter SQL Injection

2004-05-21T00:00:00
ID OSVDB:7783
Type osvdb
Reporter OSVDB
Modified 2004-05-21T00:00:00

Description

Solution Description

Upgrade to version 2.16.6, 2.18rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.bugzilla.org/ Vendor Specific Advisory URL Secunia Advisory ID:12057 Related OSVDB ID: 7780 Related OSVDB ID: 7781 Related OSVDB ID: 7784 Related OSVDB ID: 7782 Related OSVDB ID: 7786 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0103.html ISS X-Force ID: 16668 CVE-2004-0707 Bugtraq ID: 10698