Intrusion Prevention

Snitz.Forums.Pop_Profile.SQL.Injection

Description

Snitz Forums 2000 has an SQL injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "pop_profile.asp" script with the "id" parameter.

Affected Products

Snitz Forums 2000 3.1 SR4

Impact

SQL injection.

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.
http://forum.snitz.com/

CVE References

CVE-2007-1023