CVE-2003-1042 Information

Description

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=214290 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774 http://www.securityfocus.com/archive/1/343185 http://www.securityfocus.com/bid/8953 https://exchange.xforce.ibmcloud.com/vulnerabilities/13594