Goobix

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.16.3 and earlier Bugzilla versions 2.17.1 through 2.17.4 **Description** The issue allows remote authenticated users with editkeywords privileges to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in the "editkeywords.cgi" endpoint. **Recommendations** For Bugzilla versions 2.16.3 and earlier, update to a version later than 2.16.3. For Bugzilla versions 2.17.1 through 2.17.4, update to a version later than 2.17.4. As a temporary workaround, consider restricting access to the `editkeywords.cgi` endpoint for users with editkeywords privileges until a patch is available. Avoid using the `id` parameter in the editkeywords.cgi endpoint until the issue is resolved.