What is the severity of CVE-2004-0707?

CVE-2004-0707 is considered a high severity vulnerability due to the potential for remote SQL injection attacks.

How do I fix CVE-2004-0707?

To fix CVE-2004-0707, update Bugzilla to version 2.16.6 or 2.18rc1 or later.

Which versions of Bugzilla are affected by CVE-2004-0707?

Bugzilla versions 2.16.x before 2.16.6 and 2.18 before 2.18rc1 are affected by CVE-2004-0707.

Can CVE-2004-0707 be exploited by anyone?

CVE-2004-0707 can be exploited by remote attackers with privileges to grant membership to any group.

What kind of attack can CVE-2004-0707 facilitate?

CVE-2004-0707 can facilitate arbitrary SQL execution due to the SQL injection vulnerability in Bugzilla.

Vulnerability/
CVE-2004-0707

high

7.5

CWE

NVD-CWE-Other 89

21/7/2004

8/8/2024

CVE-2004-0707: SQL Injection

First published: Wed Jul 21 2004(Updated: )

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Bugzilla	=2.17.6
Mozilla Bugzilla	=2.16.1
Mozilla Bugzilla	=2.16.2
Mozilla Bugzilla	=2.17.4
Mozilla Bugzilla	=2.10
Mozilla Bugzilla	=2.17.1
Mozilla Bugzilla	=2.16
Mozilla Bugzilla	=2.14.2
Mozilla Bugzilla	=2.14.3
Mozilla Bugzilla	=2.14.4
Mozilla Bugzilla	=2.6
Mozilla Bugzilla	=2.17.5
Mozilla Bugzilla	=2.17.3
Mozilla Bugzilla	=2.4
Mozilla Bugzilla	=2.16.4
Mozilla Bugzilla	=2.12
Mozilla Bugzilla	=2.8
Mozilla Bugzilla	=2.16.3
Mozilla Bugzilla	=2.14.5
Mozilla Bugzilla	=2.17.7
Mozilla Bugzilla	=2.17
Mozilla Bugzilla	=2.14.1
Mozilla Bugzilla	=2.16.5
Mozilla Bugzilla	=2.14

Remedy

http://www.securityfocus.com/bid/10698

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2004-0707?
CVE-2004-0707 is considered a high severity vulnerability due to the potential for remote SQL injection attacks.
How do I fix CVE-2004-0707?
To fix CVE-2004-0707, update Bugzilla to version 2.16.6 or 2.18rc1 or later.
Which versions of Bugzilla are affected by CVE-2004-0707?
Bugzilla versions 2.16.x before 2.16.6 and 2.18 before 2.18rc1 are affected by CVE-2004-0707.
Can CVE-2004-0707 be exploited by anyone?
CVE-2004-0707 can be exploited by remote attackers with privileges to grant membership to any group.
What kind of attack can CVE-2004-0707 facilitate?
CVE-2004-0707 can facilitate arbitrary SQL execution due to the SQL injection vulnerability in Bugzilla.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/remedy
agent/tags
agent/first-publish-date
agent/description
agent/event
agent/source
vendor/mozilla
canonical/mozilla bugzilla
version/mozilla bugzilla/2.17.6
version/mozilla bugzilla/2.16.1
version/mozilla bugzilla/2.16.2
version/mozilla bugzilla/2.17.4
version/mozilla bugzilla/2.10
version/mozilla bugzilla/2.17.1
version/mozilla bugzilla/2.16
version/mozilla bugzilla/2.14.2
version/mozilla bugzilla/2.14.3
version/mozilla bugzilla/2.14.4
version/mozilla bugzilla/2.6
version/mozilla bugzilla/2.17.5
version/mozilla bugzilla/2.17.3
version/mozilla bugzilla/2.4
version/mozilla bugzilla/2.16.4
version/mozilla bugzilla/2.12
version/mozilla bugzilla/2.8
version/mozilla bugzilla/2.16.3
version/mozilla bugzilla/2.14.5
version/mozilla bugzilla/2.17.7
version/mozilla bugzilla/2.17
version/mozilla bugzilla/2.14.1
version/mozilla bugzilla/2.16.5
version/mozilla bugzilla/2.14