Snitz.Forums.Pop_Profile.SQL.Injection
Description
Snitz Forums 2000 has an SQL injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "pop_profile.asp" script with the "id" parameter.
Affected Products
Snitz Forums 2000 3.1 SR4
Impact
SQL injection.
Recommended Actions
Currently we are not aware of any official supplied fix for this issue.
http://forum.snitz.com/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |