Snitz Forums < 3.4.03 register.asp Email Parameter SQL Injection (deprecated)

high Nessus Network Monitor Plugin ID 1530

Synopsis

The remote web server contains a script which is vulnerable to a SQL injection attack.

Description

The remote host is using Snitz Forum 2000. This set of CGI is vulnerable to a SQL injection issue which may allow an attacker to execute arbitrary commands on this host.

Solution

Upgrade to version 3.4.03 or higher.

See Also

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html

Plugin Details

Severity: High

ID: 1530

Family: CGI

Published: 8/18/2004

Updated: 1/15/2016

Nessus ID: 11621