CVE-2004-0707

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

QL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

References

Link	Resource
http://bugzilla.mozilla.org/show_bug.cgi?id=244272
http://marc.info/?l=bugtraq&m=108965446813639&w=2
http://www.securityfocus.com/bid/10698	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16668
http://bugzilla.mozilla.org/show_bug.cgi?id=244272
http://marc.info/?l=bugtraq&m=108965446813639&w=2
http://www.securityfocus.com/bid/10698	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16668

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:bugzilla:2.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.8:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.10:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.12:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.14.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.2:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.16.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.1:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.3:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.4:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.5:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.6:::::::*
	cpe:2.3:a:mozilla:bugzilla:2.17.7:::::::*

History

20 Nov 2024, 23:49

Type	Values Removed	Values Added
References	~~() http://bugzilla.mozilla.org/show_bug.cgi?id=244272 -~~	() http://bugzilla.mozilla.org/show_bug.cgi?id=244272 -
References	~~() http://marc.info/?l=bugtraq&m=108965446813639&w=2 -~~	() http://marc.info/?l=bugtraq&m=108965446813639&w=2 -
References	~~() http://www.securityfocus.com/bid/10698 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/10698 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/16668 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/16668 -

Information

Published : 2004-07-27 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-0707

Mitre link : CVE-2004-0707

CVE.ORG link : CVE-2004-0707

JSON object : View

Products Affected

mozilla

bugzilla

CWE

NVD-CWE-Other

7.5 /10