CVE-2008-6091

Name of the Vulnerable Software and Affected Versions BMForum version 5.6

Description A SQL injection issue exists due to insufficient input validation in the plugins.php file when magic quotes gpc is disabled. This allows remote attackers to execute arbitrary SQL commands by manipulating the tagname parameter in a specific API endpoint.

Recommendations For BMForum version 5.6, consider disabling the tagname parameter or restricting access to the plugins.php file until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.