Eross_A

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.16.3 and earlier **Description** The issue allows remote authenticated users with editproducts privileges to execute arbitrary SQL commands. This is achieved by injecting malicious SQL via the product name in the collectstats.pl script. **Recommendations** For Bugzilla versions 2.16.3 and earlier, update to a version later than 2.16.3 to resolve the issue.