Snitz Forum < 3.4.0.08 SQL Injection
High Nessus Network Monitor Plugin ID 5105
SynopsisThe remote host is vulnerable to a SQL Injection attack
DescriptionThe remote host seems to be running Snitz Forum, a web forum application implemented in ASP. This version of Snitz is reported vulnerable to a SQL injection flaw within the 'email' parameter of the 'register.asp' script. An attacker, exploiting this flaw, would send specially formed HTTP queries to the register.asp script. These queries would include SQL statements which would ultimately be executed on the database utilized by Snitz.
SolutionUpgrade to Snitz Forum 3.4.0.08 or higher