← CVECheck
HomeVulnerabilities

CVE-2004-0707 — HIGH severity vulnerability (SQL injection vulnerability in editusers.cgi in Bugzilla 2.1)

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.

CVE IDCVE-2004-0707
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2004-07-27
Last modified2026-04-16
DescriptionSQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →