Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2959
Last Modified 05 Sep 2008 05:05:53
Published 12 Jun 2006 04:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2959

Summary

SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.

Vulnerable Systems

Application

  • Snitz Communications Snitz Forums 2000 3.0

  • Snitz Communications Snitz Forums 2000 3.1

  • Snitz Communications Snitz Forums 2000 3.3

  • Snitz Communications Snitz Forums 2000 3.3.01

  • Snitz Communications Snitz Forums 2000 3.3.02

  • Snitz Communications Snitz Forums 2000 3.3.03

  • Snitz Communications Snitz Forums 2000 3.4.02

  • Snitz Communications Snitz Forums 2000 3.4.03

  • Snitz Communications Snitz Forums 2000 3.4.04

  • Snitz Communications Snitz Forums 2000 3.4.05


References

BID - 18362

BUGTRAQ - 20060610 [KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability

MISC - http://www.kapda.ir/advisory-343.html

SECTRACK - 1016267

CONFIRM - http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62049

XF - snitzforums-incheader-sql-injection(27080)

SREASON - 1075


Last Updated: 27 May 2016 10:42:50