CVE-2006-0913
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
Date published : 2006-02-28
http://www.securityfocus.com/bid/16738
http://www.securityfocus.com/archive/1/425584/100/0/threaded