CVE-2002-0607
Snitz Forums 2000 3.3.03 - SQL Injection via M_NAME UserName FirstName LastName or INITIAL Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0607. PoCs published by acemi.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Snitz Forums 2000 via the members.asp script. The attacker can manipulate the M_NAME parameter to inject SQL commands, potentially leading to information disclosure or data modification.
Description
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in Snitz Forums 2000 via the members.asp script. The attacker can manipulate the M_NAME parameter to inject SQL commands, potentially leading to information disclosure or data modification.