CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
53.2%
SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before
2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to
grant membership to any group to execute arbitrary SQL.