VULHUB ™

A SQL injection attack due to an input validation error has been reported. The vulnerability is said to be in the "index.php" scripts on both PowerBoard and vBulletin installations when the module is enabled. The HTML variable "id" for PowerBoard users and "userid" for vBulletin users is reportedly not properly escaped before it is embedded in a SQL query string.

A SQL injection attack due to an input validation error has been reported. The vulnerability is said to be in the "index.php" scripts on both PowerBoard and vBulletin installations when the module is enabled. The HTML variable "id" for PowerBoard users and "userid" for vBulletin users is reportedly not properly escaped before it is embedded in a SQL query string.