Bhfh01

**Name of the Vulnerable Software and Affected Versions** ibProArcade versions 2.5.2 and earlier **Description** A SQL injection issue exists in the report module of ibProArcade, allowing remote attackers to execute arbitrary SQL commands. The issue is related to the `user` parameter in the index.php file. **Recommendations** For ibProArcade versions 2.5.2 and earlier, update to a version that contains a fix for this issue, as using the vulnerable version allows remote attackers to execute arbitrary SQL commands via the `user` parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.