Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Snitz Forums 2000 Members.ASP可插入SQL指令漏洞
Vulnerability Description
Snitz Forums 2000是一套基于ASP的Web论坛程序,它提供论坛注册,快速发贴,分区、论坛、主题订阅和快速回复等功能。 Snitz Forums 2000中的members.asp脚本对用户输入缺少正确的检查,可以导致攻击者插入SQL命令对数据库进行操作。 在members.asp脚本中,当按标准列出成员信息时,input (M_NAME)没有很好的检查用户提交的数据,攻击者可以提交与UNION结合的SELECT语句对数据库进行操作,导致数据库任意数据被查看或者破坏数据库。
CVSS Information
N/A
Vulnerability Type
N/A