Snitz Forums < 3.4.03 register.asp Email Parameter SQL Injection (deprecated)

High Nessus Network Monitor Plugin ID 1530

Synopsis

The remote web server contains a script which is vulnerable to a SQL injection attack.

Description

The remote host is using Snitz Forum 2000. This set of CGI is vulnerable to a SQL injection issue which may allow an attacker to execute arbitrary commands on this host.

Solution

Upgrade to version 3.4.03 or higher.

See Also

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html

Plugin Details

Severity: High

ID: 1530

Family: CGI

Published: 2004/08/18

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 11621

Risk Information

Risk Factor: High