CVE-2003-1043

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.16.3 and earlier Bugzilla versions 2.17.1 through 2.17.4

Description The issue allows remote authenticated users with editkeywords privileges to execute arbitrary SQL commands. This is achieved by manipulating the id parameter in the "editkeywords.cgi" endpoint.

Recommendations For Bugzilla versions 2.16.3 and earlier, update to a version later than 2.16.3. For Bugzilla versions 2.17.1 through 2.17.4, update to a version later than 2.17.4. As a temporary workaround, consider restricting access to the editkeywords.cgi endpoint for users with editkeywords privileges until a patch is available. Avoid using the id parameter in the editkeywords.cgi endpoint until the issue is resolved.