CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0607

HIGH
7.5
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile3.65th
PublishedJun 18, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.

Affected Platforms (CPE)

πŸ“¦
Snitz Communications

Snitz Forums 2000

= 3.0
πŸ“¦
Snitz Communications

Snitz Forums 2000

= 3.1
πŸ“¦
Snitz Communications

Snitz Forums 2000

= 3.3
πŸ“¦
Snitz Communications

Snitz Forums 2000

= 3.3.01
πŸ“¦
Snitz Communications

Snitz Forums 2000

= 3.3.02
πŸ“¦
Snitz Communications

Snitz Forums 2000

= 3.3.03

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html
πŸ”— http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
πŸ”— http://www.iss.net/security_center/static/8898.php
πŸ”— http://www.securityfocus.com/bid/4558
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html
πŸ”— http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
πŸ”— http://www.iss.net/security_center/static/8898.php
πŸ”— http://www.securityfocus.com/bid/4558

Related Vulnerabilities

CVE-2006-56039.8

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands ...

CVE-2002-03297.5

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as ...

CVE-2003-02867.5

SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote att...

CVE-2007-10237.5

SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL comma...