CVE-2003-1042

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.

Date published : 2004-06-03

http://www.securityfocus.com/bid/8953

http://www.securityfocus.com/archive/1/343185