Snitz Forum < 3.4.0.07 active.asp BuildTime Parameter SQL Injection
High Nessus Network Monitor Plugin ID 4306
SynopsisThe remote host is vulnerable to a SQL injection attack.
DescriptionThe remote host appears to be running Snitz Forum, a web forum application implemented in ASP. This version of Snitz is reported to be vulnerable to a SQL injection flaw within the 'active.asp' script. An attacker exploiting this flaw would send specially formed HTTP queries to the active.asp script. These queries would include SQL statements that would ultimately be executed on the database utilized by Snitz.
SolutionUpgrade to version 3.4.0.07 or higher.