Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Snitz_forums_2000 | Snitz_communications | * | 3.4.06 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.0 (including) | 3.0 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.1 (including) | 3.1 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.1-sr4 (including) | 3.1-sr4 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.2.03 (including) | 3.2.03 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.3 (including) | 3.3 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.3.01 (including) | 3.3.01 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.3.02 (including) | 3.3.02 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.3.03 (including) | 3.3.03 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.4.02 (including) | 3.4.02 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.4.03 (including) | 3.4.03 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.4.04 (including) | 3.4.04 (including) |
| Snitz_forums_2000 | Snitz_communications | 3.4.05 (including) | 3.4.05 (including) |