SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bugzilla | Mozilla | 2.4 | 2.4 |
Bugzilla | Mozilla | 2.6 | 2.6 |
Bugzilla | Mozilla | 2.8 | 2.8 |
Bugzilla | Mozilla | 2.10 | 2.10 |
Bugzilla | Mozilla | 2.12 | 2.12 |
Bugzilla | Mozilla | 2.14 | 2.14 |
Bugzilla | Mozilla | 2.14.1 | 2.14.1 |
Bugzilla | Mozilla | 2.14.2 | 2.14.2 |
Bugzilla | Mozilla | 2.14.3 | 2.14.3 |
Bugzilla | Mozilla | 2.14.4 | 2.14.4 |
Bugzilla | Mozilla | 2.14.5 | 2.14.5 |
Bugzilla | Mozilla | 2.16 | 2.16 |
Bugzilla | Mozilla | 2.16.1 | 2.16.1 |
Bugzilla | Mozilla | 2.16.2 | 2.16.2 |
Bugzilla | Mozilla | 2.16.3 | 2.16.3 |
Bugzilla | Mozilla | 2.17.1 | 2.17.1 |
Bugzilla | Mozilla | 2.17.3 | 2.17.3 |
Bugzilla | Mozilla | 2.17.4 | 2.17.4 |