Vulnerability Details CVE-2006-2959
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62049
- http://securityreason.com/securityalert/1075
- http://securitytracker.com/id?1016267
- http://www.kapda.ir/advisory-343.html
- http://www.securityfocus.com/archive/1/436702/100/0/threaded
- http://www.securityfocus.com/bid/18362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27080
- http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62049
- http://securityreason.com/securityalert/1075
- http://securitytracker.com/id?1016267
- http://www.kapda.ir/advisory-343.html
- http://www.securityfocus.com/archive/1/436702/100/0/threaded
- http://www.securityfocus.com/bid/18362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27080
Products affected by CVE-2006-2959
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.02
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.04
-
cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.05