
Bony2023

#48488 of 53,639
5.2 total CVSS
Vulnerabilities · 1
PT-2023-10230
5.2
2023-01-15
Unknown · Bony2023 Discussion-Board · CVE-2015-10051
**Name of the Vulnerable Software and Affected Versions**

bony2023 Discussion-Board (affected versions not specified)

**Description**

A critical issue has been found in the bony2023 Discussion-Board, affecting the `display all replies` function of the file `functions/main.php`. The manipulation of the `str` argument leads to SQL injection.

**Recommendations**

Apply a patch to fix this issue, specifically the patch identified as 26439bc4c63632d63ba89ebc0f149b25a9010361. As a temporary workaround, consider disabling the `display all replies` function until a patch is available. Restrict access to the `functions/main.php` file to minimize the risk of exploitation. Avoid using the `str` argument in the affected function until the issue is resolved.