#44252 of 53,622
6 Total CVSS
Vulnerabilities · 1
PT-2009-5145
6.0
2009-08-17
Arab Portal · Arab Portal · CVE-2009-2781
**Name of the Vulnerable Software and Affected Versions**
Arab Portal versions 2.x

**Description**
The issue allows remote authenticated users to execute arbitrary SQL commands via the `qc` parameter in an "addcomment" action in the forum.php file, but only when `magic_quotes_gpc` is disabled.

**Recommendations**
For Arab Portal version 2.x, consider disabling the `addcomment` action in the forum.php file until a patch is available, or ensure that `magic_quotes_gpc` is enabled to prevent exploitation.