CyberSec.Space Logo
CVEブラウザに戻る

CVE-2002-0607

HIGH
7.5
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile3.65th
Published2002年6月18日
Last Modified2026年4月16日

Vulnerability Description

members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.

Affected Platforms (CPE)

📦
Snitz Communications

Snitz Forums 2000

= 3.0
📦
Snitz Communications

Snitz Forums 2000

= 3.1
📦
Snitz Communications

Snitz Forums 2000

= 3.3
📦
Snitz Communications

Snitz Forums 2000

= 3.3.01
📦
Snitz Communications

Snitz Forums 2000

= 3.3.02
📦
Snitz Communications

Snitz Forums 2000

= 3.3.03

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html
🔗 http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
🔗 http://www.iss.net/security_center/static/8898.php
🔗 http://www.securityfocus.com/bid/4558
🔗 http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html
🔗 http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
🔗 http://www.iss.net/security_center/static/8898.php
🔗 http://www.securityfocus.com/bid/4558

関連する脆弱性情報

CVE-2006-56039.8

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands ...

CVE-2002-03297.5

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as ...

CVE-2003-02867.5

SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote att...

CVE-2007-10237.5

SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL comma...