CVE-2002-0010

Public Date:: 2002-01-05

Bugzilla:: 1616718: CVE-2002-0010 security flaw

The MITRE CVE dictionary describes this issue as:

Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges.

Find out more about CVE-2002-0010 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform	Errata	Release Date
Red Hat Powertools 7.1	RHSA-2002:001	2002-01-15
Red Hat Powertools 7.0	RHSA-2002:001	2002-01-15

Last Modified 2018-08-17T03:09:13+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

CVE-2002-0010

Red Hat Security Errata