Lucene search

[email protected]NVD:CVE-2002-0607

HistoryJun 18, 2002 - 4:00 a.m.

CVE-2002-0607

2002-06-1804:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.008

Percentile

81.8%

JSON

members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.

Affected configurations

Nvd

Node

snitz_communicationssnitz_forums_2000Match3.0

snitz_communicationssnitz_forums_2000Match3.1sr4

snitz_communicationssnitz_forums_2000Match3.3

snitz_communicationssnitz_forums_2000Match3.3.01

snitz_communicationssnitz_forums_2000Match3.3.02

snitz_communicationssnitz_forums_2000Match3.3.03

VendorProductVersionCPE
snitz_communicationssnitz_forums_20003.0cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:*:*:*:*:*:*:*
snitz_communicationssnitz_forums_20003.1cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4:*:*:*:*:*:*
snitz_communicationssnitz_forums_20003.3cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:*:*:*:*:*:*:*
snitz_communicationssnitz_forums_20003.3.01cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:*:*:*:*:*:*:*
snitz_communicationssnitz_forums_20003.3.02cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:*:*:*:*:*:*:*
snitz_communicationssnitz_forums_20003.3.03cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
snitz_communications	snitz_forums_2000	3.0	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.0:::::::*
snitz_communications	snitz_forums_2000	3.1	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.1:sr4::::::
snitz_communications	snitz_forums_2000	3.3	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3:::::::*
snitz_communications	snitz_forums_2000	3.3.01	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.01:::::::*
snitz_communications	snitz_forums_2000	3.3.02	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.02:::::::*
snitz_communications	snitz_forums_2000	3.3.03	cpe:2.3:a:snitz_communications:snitz_forums_2000:3.3.03:::::::*

References

archives.neohapsis.com/archives/bugtraq/2002-04/0279.html

forum.snitz.com/forum/topic.asp?TOPIC_ID=26770

www.iss.net/security_center/static/8898.php

www.securityfocus.com/bid/4558

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.008

Percentile

81.8%

JSON

Related for NVD:CVE-2002-0607

cvelist1 exploitdb1 cve1