Tt · Ttforum · CVE-2003-1458
**Name of the Vulnerable Software and Affected Versions**
ttCMS version 2.2
ttForum version 2.2
**Description**
A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `member name` variable.
**Recommendations**
For ttCMS version 2.2, update to a newer version that contains a fix for this issue.
For ttForum version 2.2, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the Profile.php file until a patch is available.