Vulnerability Description
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.4 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=214290
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774Vendor Advisory
- http://www.securityfocus.com/archive/1/343185
- http://www.securityfocus.com/bid/8953PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13594
- http://bugzilla.mozilla.org/show_bug.cgi?id=214290
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774Vendor Advisory
- http://www.securityfocus.com/archive/1/343185
- http://www.securityfocus.com/bid/8953PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13594
FAQ
What is CVE-2003-1042?
CVE-2003-1042 is a vulnerability with a CVSS score of 10.0 (HIGH). SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
How severe is CVE-2003-1042?
CVE-2003-1042 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1042?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.