CVE-2006-5603

CRITICAL

Snitz Forums 2000 3.4.06 - SQL Injection via RC Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5603. PoCs published by Arham Muhammad.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Snitz Forums 2000 version 3.4.06, but it lacks actual exploit code. The note indicates the issue is not exploitable, making this a writeup rather than a functional PoC.

Description

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Arham Muhammad · textwebappsasp

https://www.exploit-db.com/exploits/28857

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in Snitz Forums 2000 version 3.4.06, but it lacks actual exploit code. The note indicates the issue is not exploitable, making this a writeup rather than a functional PoC.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Snitz Forums 2000 3.4.06

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20712

Scores

CVSS v3 9.8

EPSS 0.0136

EPSS Percentile 80.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

snitz_communications/snitz_forums_2000 3.4.06

Published Oct 30, 2006

Tracked Since Feb 18, 2026