Sql injection

2006-06-1220:06:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.9%

JSON

SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.

CPENameOperatorVersion
snitz_forums_2000eq3.1 sr4
snitz_forums_2000eq3.4.03
snitz_forums_2000eq3.3.01
snitz_forums_2000eq3.3.02
snitz_forums_2000eq3.4.05
snitz_forums_2000eq3.4.02
snitz_forums_2000eq3.4.04
snitz_forums_2000eq3.0
snitz_forums_2000eq3.3
snitz_forums_2000eq3.3.03

Name	Operator	Version
snitz_forums_2000	eq	3.1 sr4
snitz_forums_2000	eq	3.4.03
snitz_forums_2000	eq	3.3.01
snitz_forums_2000	eq	3.3.02
snitz_forums_2000	eq	3.4.05
snitz_forums_2000	eq	3.4.02
snitz_forums_2000	eq	3.4.04
snitz_forums_2000	eq	3.0
snitz_forums_2000	eq	3.3
snitz_forums_2000	eq	3.3.03

References

forum.snitz.com/forum/topic.asp?TOPIC_ID=62049

securityreason.com/securityalert/1075

securitytracker.com/id?1016267

www.kapda.ir/advisory-343.html

www.securityfocus.com/archive/1/436702/100/0/threaded

www.securityfocus.com/bid/18362

exchange.xforce.ibmcloud.com/vulnerabilities/27080