Andrew Eross

#23274 of 53,632
10 Total CVSS
Vulnerabilities · 1
PT-2004-1219
10
2004-06-03
Mozilla · Bugzilla · CVE-2003-1042
**Name of the Vulnerable Software and Affected Versions**

Bugzilla versions 2.16.3 and earlier

**Description**

The issue allows remote authenticated users with editproducts privileges to execute arbitrary SQL commands. This is achieved by injecting malicious SQL via the product name in the collectstats.pl script.

**Recommendations**

For Bugzilla versions 2.16.3 and earlier, update to a version later than 2.16.3 to resolve the issue.