CVE-2004-0707 Information

Description

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6 and 2.18 before 2.18rc1 allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=244272 http://marc.info/?l=bugtraq&m=108965446813639&w=2 http://www.securityfocus.com/bid/10698 https://exchange.xforce.ibmcloud.com/vulnerabilities/16668