ID CVE-2006-2959
Summary SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.
References
Vulnerable Configurations
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:*:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02:*:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04:*:*:*:*:*:*:*
  • cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.05:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 18362
bugtraq 20060610 [KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability
confirm http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62049
misc http://www.kapda.ir/advisory-343.html
sectrack 1016267
sreason 1075
xf snitzforums-incheader-sql-injection(27080)
Last major update 18-10-2018 - 16:44
Published 12-06-2006 - 20:06
Last modified 18-10-2018 - 16:44