CVE-2003-0286

Опубликовано: 16 июн. 2003

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.

Ссылки

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html
http://marc.info/?l=bugtraq&m=105277599131134&w=2
http://osvdb.org/56166
http://packetstormsecurity.org/0305-exploits/snitz_exec.txt
Exploit
http://secunia.com/advisories/35733
Vendor Advisory
http://www.securityfocus.com/bid/35764
Exploit
Patch
http://www.securityfocus.com/bid/7549
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/11981
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html
http://marc.info/?l=bugtraq&m=105277599131134&w=2
http://osvdb.org/56166
http://packetstormsecurity.org/0305-exploits/snitz_exec.txt
Exploit
http://secunia.com/advisories/35733
Vendor Advisory
http://www.securityfocus.com/bid/35764
Exploit
Patch
http://www.securityfocus.com/bid/7549
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/11981

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:snitz_communications:snitz_forums_2000:*:*:*:*:*:*:*:*

Версия до 3.3.03 (включая)

EPSS

Процентиль: 76%

0.01011

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-6fp7-cr5p-93qp

github

больше 3 лет назад