Vulnerabilities > CVE-2006-2959 - SQL Injection vulnerability in Snitz Forums inc_header.ASP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.
Vulnerable Configurations
References
- http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62049
- http://securityreason.com/securityalert/1075
- http://securitytracker.com/id?1016267
- http://www.kapda.ir/advisory-343.html
- http://www.securityfocus.com/archive/1/436702/100/0/threaded
- http://www.securityfocus.com/bid/18362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27080