Release DateApr 13, 2007 |
Severitymedium |
ImpactSQL injection. |
DescriptionSnitz Forums 2000 has an SQL injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "pop_profile.asp" script with the "id" parameter. |
Affected ProductsSnitz Forums 2000 3.1 SR4 |
Recommended ActionsCurrently we are not aware of any official supplied fix for this issue.http://forum.snitz.com/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-1023 |
Reference/shttp://www.securityfocus.com/bid/22593 (BugTraq) |
