Description
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Maestro De-Seguridad · textwebappsasp
https://www.exploit-db.com/exploits/24604
References (5)
Core 5
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12590
Vendor Advisory x_refsource_confirm
http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109537195413691&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11201
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17421
Scores
EPSS
0.0775
EPSS Percentile
92.0%
Details
Status
published
Products (9)
snitz_communications/snitz_forums_2000
3.0
snitz_communications/snitz_forums_2000
3.1 sr4
snitz_communications/snitz_forums_2000
3.3
snitz_communications/snitz_forums_2000
3.3.01
snitz_communications/snitz_forums_2000
3.3.02
snitz_communications/snitz_forums_2000
3.3.03
snitz_communications/snitz_forums_2000
3.4.02
snitz_communications/snitz_forums_2000
3.4.03
snitz_communications/snitz_forums_2000
3.4.04
Published
Sep 16, 2004
Tracked Since
Feb 18, 2026