Yeat

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic quotes gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.

**Name of the Vulnerable Software and Affected Versions** Insane Visions AdaptBB version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `topic id` parameter in a "topic" action to "index.php". The vulnerability is exploitable when `magic quotes gpc` is disabled. **Recommendations** For Insane Visions AdaptBB version 1.0, consider disabling the `topic id` parameter in the "topic" action to "index.php" until a patch is available. Additionally, enabling `magic quotes gpc` may help mitigate the risk of exploitation.