Thursday, December 01, 2005

ADVISORY


Product: PhpForumPro from W2B

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
PhpForumPro from W2B.
phpForumPro is a fast and powerful, password protected private discussion forum application built with the industry standard PHP4 scripting language and powered by the MySQL database engine.



DESCRIPTION:
The vulnerability can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "parent" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Other parameters are also not properly filtered and likewise allow SQL injection.
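
The flaw class described above, next to a hardened form, as an added example that is not phpForumPro code and not part of the original advisory. The `posts` table, its columns and both function names are hypothetical; it assumes a current PHP with PDO, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: hypothetical schema and function names, not phpForumPro code.
// SQLite in memory stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, parent INTEGER, body TEXT)');
$db->exec("INSERT INTO posts (parent, body) VALUES (1, 'reply in thread 1'),
           (1, 'second reply in thread 1'), (2, 'reply in thread 2')");

// Vulnerable pattern described in the advisory: the request value is
// concatenated into the SQL text, so it is parsed as SQL, not as data.
function replies_vulnerable(PDO $db, string $parent): array
{
    $sql = 'SELECT body FROM posts WHERE parent = ' . $parent;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: accept only a positive integer, then bind it as a parameter.
function replies_hardened(PDO $db, string $parent): array
{
    $id = filter_var($parent, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('parent must be a positive integer');
    }
    $stmt = $db->prepare('SELECT body FROM posts WHERE parent = :parent');
    $stmt->bindValue(':parent', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs standing in for $_GET['parent'].
foreach (['1', '1 OR 1=1'] as $input) {
    printf("input %-10s vulnerable: %d row(s); ", "'$input'", count(replies_vulnerable($db, $input)));
    try {
        printf("hardened: %d row(s)\n", count(replies_hardened($db, $input)));
    } catch (InvalidArgumentException $e) {
        printf("hardened: rejected (%s)\n", $e->getMessage());
    }
}
```

The same validate-then-bind treatment applies to every request parameter that reaches a query, since the advisory notes that "parent" is not the only unfiltered input.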


SOLUTION:
Awaiting response from the vendor

Original Advisory: http://axcesdenied.blogspot.com

Credit: $um$id aka Access Denied
