CVE-2013-0735

Name of the Vulnerable Software and Affected Versions Mingle Forum plugin versions prior to 1.0.34

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter in a viewtopic action, such as remove post, sticky, or closed, or the thread parameter in a postreply action to "index.php".

Recommendations For Mingle Forum plugin versions prior to 1.0.34, update to version 1.0.34 or later to resolve the issue.