CVE-2006-2959 | Vulnerability Database | Aqua Security

SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.

Affected Software

Name	Vendor	Start Version	End Version
Snitz_forums_2000	Snitz_communications	3.1	3.1
Snitz_forums_2000	Snitz_communications	3.4.03	3.4.03
Snitz_forums_2000	Snitz_communications	3.3.01	3.3.01
Snitz_forums_2000	Snitz_communications	3.3.02	3.3.02
Snitz_forums_2000	Snitz_communications	3.4.05	3.4.05
Snitz_forums_2000	Snitz_communications	3.4.02	3.4.02
Snitz_forums_2000	Snitz_communications	3.4.04	3.4.04
Snitz_forums_2000	Snitz_communications	3.0	3.0
Snitz_forums_2000	Snitz_communications	3.3	3.3
Snitz_forums_2000	Snitz_communications	3.3.03	3.3.03

References

http://www.kapda.ir/advisory-343.html
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62049
http://www.securityfocus.com/bid/18362
http://securitytracker.com/id?1016267
http://securityreason.com/securityalert/1075
https://exchange.xforce.ibmcloud.com/vulnerabilities/27080
http://www.securityfocus.com/archive/1/436702/100/0/threaded

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2959
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html