CVE Vulnerabilities

CVE-2004-0707

Published: Jul 27, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

Affected Software

Name Vendor Start Version End Version
Bugzilla Mozilla 2.4 (including) 2.4 (including)
Bugzilla Mozilla 2.6 (including) 2.6 (including)
Bugzilla Mozilla 2.8 (including) 2.8 (including)
Bugzilla Mozilla 2.10 (including) 2.10 (including)
Bugzilla Mozilla 2.12 (including) 2.12 (including)
Bugzilla Mozilla 2.14 (including) 2.14 (including)
Bugzilla Mozilla 2.14.1 (including) 2.14.1 (including)
Bugzilla Mozilla 2.14.2 (including) 2.14.2 (including)
Bugzilla Mozilla 2.14.3 (including) 2.14.3 (including)
Bugzilla Mozilla 2.14.4 (including) 2.14.4 (including)
Bugzilla Mozilla 2.14.5 (including) 2.14.5 (including)
Bugzilla Mozilla 2.16 (including) 2.16 (including)
Bugzilla Mozilla 2.16.1 (including) 2.16.1 (including)
Bugzilla Mozilla 2.16.2 (including) 2.16.2 (including)
Bugzilla Mozilla 2.16.3 (including) 2.16.3 (including)
Bugzilla Mozilla 2.16.4 (including) 2.16.4 (including)
Bugzilla Mozilla 2.16.5 (including) 2.16.5 (including)
Bugzilla Mozilla 2.17 (including) 2.17 (including)
Bugzilla Mozilla 2.17.1 (including) 2.17.1 (including)
Bugzilla Mozilla 2.17.3 (including) 2.17.3 (including)
Bugzilla Mozilla 2.17.4 (including) 2.17.4 (including)
Bugzilla Mozilla 2.17.5 (including) 2.17.5 (including)
Bugzilla Mozilla 2.17.6 (including) 2.17.6 (including)
Bugzilla Mozilla 2.17.7 (including) 2.17.7 (including)
Bugzilla Ubuntu dapper *
Bugzilla Ubuntu devel *
Bugzilla Ubuntu edgy *
Bugzilla Ubuntu feisty *

References