Bl4Ckw0Rm

**Name of the Vulnerable Software and Affected Versions** Vanilla Forums versions prior to 2.0.18.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `name` parameter in the `Form/Email` array to either the "entry/signin" or "entry/passwordrequest" API endpoints. **Recommendations** For versions prior to 2.0.18.8, update to version 2.0.18.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "entry/signin" and "entry/passwordrequest" endpoints until the update is applied. Avoid using the `name` parameter in these endpoints until the issue is resolved.