PT-2011-1758 · 6Kbbs · 6Kbbs

Zym · Published 2011-07-08 · Updated 2017-08-29 · CVE-2010-4812

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: 6kbbs version 8.0 build 20100901
Description: Multiple SQL injection flaws allow remote authenticated users (the CVSS vector above requires single authentication, Au:S) to execute arbitrary SQL commands. The injection points are the tids[] array parameter of "ajaxadmin.php" and the msgids[] array parameter of "ajaxmember.php"; in both cases the elements of the array reach the SQL query without being validated or bound as parameters.
Recommendations: For version 8.0 build 20100901, restrict access to the "ajaxadmin.php" and "ajaxmember.php" endpoints (for example at the web server, or to a trusted administrator network) until a patch is available, and review web server logs for requests to these scripts carrying tids[] or msgids[] values that are not plain integers. As a temporary code-level workaround, cast every element of tids[] and msgids[] to an integer (or reject the request) before the value is used in a query; the durable fix is to bind the values as prepared-statement parameters.
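The following is an added example, not 6kbbs code: it is a hypothetical reconstruction of the pattern behind this advisory, an array request parameter (tids[] here; msgids[] in "ajaxmember.php" follows the same shape) joined straight into an IN (...) clause, placed beside a hardened version that validates each element and binds it with a prepared statement. The table name threads, the column tid and the request payload are constructed for the demonstration and do not come from the 6kbbs code base. It runs with PHP's bundled PDO SQLite driver and needs no network.

```php
<?php
declare(strict_types=1);

// Added example, not 6kbbs code. Table/column names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE threads (tid INTEGER PRIMARY KEY, title TEXT)');

function seedThreads(PDO $pdo): void
{
    $pdo->exec('DELETE FROM threads');
    foreach ([1 => 'a', 2 => 'b', 3 => 'c', 4 => 'd'] as $tid => $title) {
        $pdo->exec("INSERT INTO threads VALUES ($tid, '$title')");
    }
}

// Vulnerable pattern (hypothetical reconstruction): the elements of the
// tids[] array are imploded into the query text without any validation,
// so a single crafted element rewrites the WHERE clause.
function deleteThreadsVulnerable(PDO $pdo, array $tids): int
{
    $list = implode(',', $tids);
    return $pdo->exec("DELETE FROM threads WHERE tid IN ($list)");
}

// Hardened version: every element must be a positive integer, and the
// values are bound as prepared-statement parameters, one placeholder each.
function deleteThreadsHardened(PDO $pdo, array $tids): int
{
    $clean = [];
    foreach ($tids as $t) {
        if (!is_scalar($t) || !preg_match('/^[1-9][0-9]{0,9}$/', (string) $t)) {
            throw new InvalidArgumentException('tids[] must contain positive integers');
        }
        $clean[] = (int) $t;
    }
    if ($clean === []) {
        return 0;
    }
    $marks = implode(',', array_fill(0, count($clean), '?'));
    $stmt = $pdo->prepare("DELETE FROM threads WHERE tid IN ($marks)");
    $stmt->execute($clean);
    return $stmt->rowCount();
}

// Constructed request body, equivalent to: tids[]=1&tids[]=2) OR 1=1 --
$payload = ['1', '2) OR 1=1 -- '];

seedThreads($pdo);
$removed = deleteThreadsVulnerable($pdo, $payload);
echo "vulnerable: removed $removed of 4 rows\n"; // all 4, not just tids 1 and 2

seedThreads($pdo);
try {
    deleteThreadsHardened($pdo, $payload);
} catch (InvalidArgumentException $e) {
    echo 'hardened: rejected (' . $e->getMessage() . ")\n";
}
$removed = deleteThreadsHardened($pdo, ['1', '2']);
echo "hardened: removed $removed of 4 rows\n"; // exactly 2
```

The second element of the payload closes the IN list, appends an always-true condition and comments out the rest of the statement, which is why the vulnerable function deletes every row. The hardened function fails closed: a non-integer element rejects the whole request rather than silently dropping it, and the allow-list check happens before the value is ever near the query text. Binding the integers is still worthwhile even after the cast, since it keeps query structure and data separate if the validation is later relaxed.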

Fix

RCE

SQL injection


Weakness Enumeration

Related identifiers

CVE-2010-4812

Affected products

6Kbbs