Vulnerability Description
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.4 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=219044
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774Vendor Advisory
- http://www.securityfocus.com/archive/1/343185
- http://www.securityfocus.com/bid/8953PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13596
- http://bugzilla.mozilla.org/show_bug.cgi?id=219044
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774Vendor Advisory
- http://www.securityfocus.com/archive/1/343185
- http://www.securityfocus.com/bid/8953PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13596
FAQ
What is CVE-2003-1043?
CVE-2003-1043 is a vulnerability with a CVSS score of 10.0 (HIGH). SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to e...
How severe is CVE-2003-1043?
CVE-2003-1043 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1043?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla.